Digital security and identity management company Route1 Inc. has released a white paper titled Avoiding BYOD Legal Issues. The paper outlines the wave of emerging legal pitfalls facing the Enterprise with respect to the current BYOD practices of commingling of personal and enterprise data on mobile devices. The legality of the common practice of remotely wiping or tracking an employee’s mobile device while asking workers to sign waivers giving their consent for such a policy remains highly ambiguous, as there is little to no case law in this area. Employee resentment over these invasions of personal privacy is growing with concerns about losing personal data when using their own devices for work, and the potential violation if their employer viewed their personal information.
Employees of the federal government are facing the same threat to their privacy with respect to GPS tracking, under the Freedom of Information Act. With both Enterprise and government employees concerned about their privacy, unions will likely become involved in the BYOD security debate and mobilize on behalf of the workers they represent.
The Enterprise risks litigation when remote monitoring of employee devices leads to the viewing of confidential personal information. Acts such as the Genetic Non-discrimination Act of 2008 and the Americans with Disabilities Act protect information pertaining to workers’ genetics and disabilities. These Acts present significant legal implications to organizations viewing such information. Companies also face legal action from the federal government if their inadequate security measures fail to preserve client data. For example, the U.S. Department of Health and Human Services has recently obtained seven-figure settlements from healthcare institutions that failed to protect patients’ health information under the regulations provided in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
As the workforce becomes more disgruntled about BYOD security policies, Enterprises may face mass litigation soon, with no clarity on how to react.
Tony Busseri, CEO of Route1, stated, “Along with security concerns, BYOD has brought the potential of major legal issues for the Enterprise to the forefront of senior management discussions. Many current BYOD corporate policies leave enterprise data unprotected in the event of a security breach and during an employee’s exit from the company. The policy of tracking and wiping an employee’s personal device opens the Enterprise up to the potential for mass litigation.”
Mobile Device Management (MDM) software, the current standard of legally questionable BYOD security, is ineffective and inflicts extensive hard and soft costs on the Enterprise. MobiKEY, Route1’s flagship technology, eliminates these issues. It allows employees to work on their personal devices while keeping the enterprise data behind the company firewall, thus eliminating the need to wipe or track employee devices. MobiKEY is a cost effective solution – currently used by some of the U.S. Government’s most secure agencies that provides the highest level of network security.
Mr. Busseri continued, “Route1’s MobiKEY technology eliminates current BYOD legal concerns. The MobiKEY device prevents data from leaving the Enterprise network, thus keeping information secure. This system prevents the need for a company to potentially invade an employee’s privacy rights, removing the threat of litigation.”