Making Bring Your Own Device (BYOD)
The latest challenges to your business’ eDiscovery policies and procedures may not be changes in the law but may instead be changes in your employees’ lifestyles: they have smartphones and they want to use smartphones to facilitate their work.
A 2011 study by IDC and Unisys showed that approximately 50 percent of respondents reported using personal devices to conduct business on vacation. This is great news for businesses and shows the advantages of allowing BYOD. Unfortunately, the same survey also indicated that 29 percent of respondents used the devices while in bed and around 20 percent while driving, statistics that are probably less heart warming.
And how are IT departments managing all of this? Survey respondents indicate that they now do less than they did in 2010 to secure mobile devices, including publication of social media guidelines (46 percent vs. 60 percent), required employee training (52 percent vs. 64 percent), usage of complex passwords (48 percent vs. 57 percent) and single sign-on (52 percent vs. 73 percent).
The same survey also revealed that three quarters of IT executives believe allowing personal devices increase employee morale and 72 percent say that employees who bring consumer devices into the workplace are more productive.
Does this mean you should leap into BYOD? Without fully understanding the potential pitfalls, you should probably not leap. In brief, your challenges to allowing BYOD are the following:
You don’t own the device: you don’t control the device.
There are lots of types of data that can be in play with BYOD.
BYOD means data may reside in multiple locations. For example, copies of system emails that normally would only reside on a work machine will also reside on a smartphone or, thanks to said smartphone, be stored in the cloud
Keeping data on these devices safe is difficult. Retrieving the data is near impossible.
As with most eDiscovery-related challenges, BYOD is best managed with a comprehensive policy to manage the program. A thoughtful look at ways to create policies and procedures that can safely allow BYOD into the workplace is covered in depth by this whitepaper from Intel.
Intel has established a service agreement for employees who want to engage in BYOD. The agreement spells out how eDiscovery requests will be handed from both the Intel and employee perspective. Through careful management of device settings, such as ensuring that devices are configured to save changes to the user’s corporate mailbox (instead of saving to the device or cloud-based storage associated with the device), the corporate servers will remain the best source of eDiscovery data collection.
When faced with eDiscovery as it applies to BYOD information, the more clarification that can be obtained about the requested information, the better off you will be. Work closely with your organization’s legal team to establish exactly what information is being requested. Narrow search parameters will save both time and any personal data that exists on the device in question.
And before you need to deal with eDiscovery, be sure that both the IT and legal departments have a good working relationship and that they engage in conversations about BYOD and all of its implications, including – but not restricted to – issues of eDiscovery.
By Jeff Patterson,
An entrepreneur in the field of technology, Jeff Patterson is driven to find ways to make technology a safer and more integrated part of daily life. A trailblazer in the area of K12 email and student safety, Patterson’s innovations have also led the way in data storage. His product, Gaggle Archive, provides inexpensive, cloud-based archiving that truly facilitates and simplifies eDiscovery. In 1999 he started his company, Gaggle, with one employee; the company currently has a staff of 50.