Mar 09, 2015
How Effective BYOD Policies Can Help Limit Legal Exposure
In and of themselves, BYOD programs don't pose legal issues to companies that use them. However, when employees circumvent organizational security protocols (such as policies against accessing insecure public WiFi networks) to access work-related systems, they expose the organization to uncontrolled levels of risk, as do other aspects of connectivity to systems that contain sensitive corporate and customer information. Employees aren't necessarily familiar with the security risks associated with using personal devices that contain proprietary company and customer information. Potential liabilities associated with BYOD programs can include:
- Lost or stolen devices that are unsecured or unencrypted, allowing sensitive organizational data to fall into the wrong hands.
- An employee's violation of a breach notification law, such as the breach notification rule under the Health Insurance Portability and Accountability Act (HIPAA).
- Data transfers across national borders that may violate international or country-specific laws.
- An automobile accident involving an employee who is driving while on a business call. According to case law, the employer can be sued for damages along with the employee, even if the employee is using a hands-free device.
- Transfer of data deemed to represent trade secrets.