BYOD Participation Agreement

In this presentation, Dentons’ Timothy Banks discusses BYOD (Bring Your Own Device) Participation Agreements. Key topics include:
- Administrative Issues
- Technical Controls
- Managing Day-to-Day Online Risk
- User Responsibilities
- Employer Access and Ownership
- Monitoring
- Employee Access
- Respect the Workday

Published in: Business, Technology

Transcript

  • 1. Dentons Canada LLP. BYOD Participation Agreement: A framework. Timothy M Banks, CIPP/C, Partner. T: 416-863-4424, timothy.banks@dentons.com, follow: @TM_Banks. Originally presented at the Canadian Institute’s 19th Annual Regulatory Compliance for Financial Institutions, November 14, 2013.
  • 2. Administrative Issues: Prescribed Devices Service Level Standards • Limit suite of supported devices • IT/IS’s commitment • No unencrypted flash drives!! • Directory of supported devices • Caution against upgrades before testing Administrative Prerequisites • Who qualifies? What approvals? • Number of devices per individual • Financial support (or not) • Ready or not – IT/IS is now a service provider to employees • Employee’s commitment
  • 3. Technical Controls: IT/IS Controls • Device must be registered with IT • Inventory of devices • Encrypted storage • Digital Certificates • No manipulation • Strong authentication controls • No circumvention Mobile Device Management Software • Implement • Explain! • Audit of compliance with IT standards • Remote disabling, wiping • App / Software restrictions
  • 4. Managing Day-to-Day Online Risk: Maintenance Managing Online Risk • Update malware protection • Use malware protection • Applying operating system patches • Comply with authentication requirements • IT MUST cooperate Backups • User responsible for own data • IT – don’t frustrate with unnecessary controls Unsecured WIFI • Explain Risks • Policy against unsecured Restricted sites • Safe Apps & Software directory
  • 5. User Responsibilities: Physical Security • Device must not be left unattended • Examples: No vehicle trunks • Loss of possession reported immediately • No family-sharing of devices Responsibilities on termination of employment Data Control and Access • Data stored on network not device Segregation of Data • Work data in work apps • Personal data in personal apps • If you have a Gmail account on your phone, why are you using work email for personal business?
  • 6. Employer Access and Ownership: • Rights & Interest in Data • Rights of Employer Access • Waiver of ownership or rights in business data • Internal investigations • Responsibilities on termination of employment • Company litigation • Regulatory investigation • Compliance audits • Confidentiality to Employees • You are now a service provider
  • 7. Monitoring: Scope of Monitoring • Usage • Geolocation • Types of Apps • Attempts to jailbreak • Personal data Purpose of Monitoring • Policy enforcement • Productivity Consequences of Monitoring • Who gets the reports? • What are the consequences of violation? • Where is the monitoring data kept? • How long is the monitoring data kept? • Consider overtime issues Monitoring Methods • Automatic with reporting • Automatic with exception reports • Reasonable suspicion
  • 8. Employee Access: Employee Access Access by & Disclosure to Others • Access to the data • Stored in Canada? In U.S.? • What data will not be provided • How to get more information • Advise that laws of other jurisdiction may apply • Available to foreign corporate parent? • For what use? • Circumstances in which disclosed to law enforcement
  • 9. Respect the Workday: Work hours = Work • Doesn’t matter that it is “your” device • Two way street Restricted Site on Own Device • On a site that would otherwise offend code of conduct during work hours • Does it matter that it was lunch break?
  • 10. Questions: Timothy M Banks, t: 416-863-4424, e: timothy.banks@dentons.com, follow: @TM_Banks, Dentons Canada LLP
  • 11. The preceding presentation contains examples of the kinds of issues that corporations could face. If you are faced with one of these issues, please retain professional assistance as each situation is unique.
