Byod wipl power point - trb (2485679 1)-sh_edits
Upcoming SlideShare
Loading in...5
×
 

Byod wipl power point - trb (2485679 1)-sh_edits

on

  • 436 views

 

Statistics

Views

Total Views
436
Views on SlideShare
401
Embed Views
35

Actions

Likes
0
Downloads
6
Comments
0

3 Embeds 35

http://www.wiplevent.com 26
http://archive.wiplevent.com 8
http://webcache.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • BYOD refers to Bring Your Own Device. Similar terms are Bring Your Own Computer (BYOC), Bring Your Own PC (BYOPC) or Bring Your Own Technology (BYOT). BYOD can be very general and encompass all devices, but usually refers to very personal devices like smartphones and tablets. BYOD is all about the trends/policy of allowing employees to bring personally owned devices to the workplace and use these devices to access company resources.
  • Enable the first phase of your business mobility strategy by placing a “mobile veneer” on existing processes and service including decision support and collaboration tools Implement a device certification process with guidelines and evaluation criteria to provide timely availability so state-of-the-art devices and communicate how user can acquire and provision devices. Develop technical and policy solutions that cover the fundamentals including access controls, data wipe, configuration, data partitioning, encryption, authentication and network access. Provide users with an understanding of mobile security risks, their responsibilities, acceptable and inappropriate use policies, prerequisites for connecting a device to the network and the consequences of negligence to them and the business Implement cross-platform tools to reduce the need for platform specific application development and establish a trusted private enterprise application store. Implement a cross platform centralized device management solution to monitor device health and control configuration settings

Byod wipl power point - trb (2485679 1)-sh_edits Byod wipl power point - trb (2485679 1)-sh_edits Presentation Transcript

  • Diamond Sponsors: Platinum Sponsor: Gold Sponsor: Presented By: Bring Your Own Device or Bring Your Own Disaster
  • Anne Dill Corporate Associate General Counsel Mia Belk Senior Counsel Shirley Hart National Leader, End User Technology Teresa Rider Bult Managing/ Administrative Partner tbult@constangy.com
  • Agenda  What is BYOD?  BYOD Considerations • Technology • Process • People/Culture  Legal Perspective • Privacy • Data Protection • Litigation
  • What is BYOD?  BYOD – Bring Your Own Device • Usually refers to smartphones and tablets • BYOC, BYOPC, BYOT are similar terms • Part of the “Consumerization” movement
  • BYOD Drivers Aren't Coming Just From End Users Time "I easily bypass IT — they don't get User Interest "I'm too important!" Just this little exception, please. After all I am the boss! "I need better equipment!" Organizational Interest Contain rogue devices More of your employees than you realize are already using their equipment to attach to your network! Reduce support burden Shift costs to users Maintain attractive work environment for hiring System Capability Effective Functionality Gap { Legacy Envisioned Functionality Required Functionality Source: Gartner, 2013
  • Why BYOD?  Does it make business sense? • Employee satisfaction • Recruitment and retention • Productivity • Risk and compliance • Cost savings?  Business Reaction to BYOD • Embrace • Support • Ignore • Restrict
  • BYO: The Trend Is Clear• More than 60% of employees report using a personal device for work • Two thirds of consumers report that work influences what they buy for personal devices • By 2015, the emphasis will shift toward cost-reduction through mandatory BYOD programs • PC BYOD Lags Smartphones and Tablets (<8% of companies), but will accelerate in 2014+ Source: Bring Your Own Device: The Facts and the Future, 2013 N=453
  • How often employees use personal devices for work purposes
  • BYOD -- Technology  Devices • SmartPhones/Tablets • Computers  Management/Control • Mobile Device Management • Network Access Control • Virtual Desktops • Containerization  Support/Maintenance
  • BYOD -- Process  Spend • Stipends, voice/data  Governance  Policy • Data wipe/data storage • Application usage  Security  Support
  • BYOD – People/Culture  Demographics • It’s not for everyone • Younger employees tend to be more proactive and accepting • Increasing level of computer savvy  Fit with company industry and culture • Support environment • Industry perspective
  • • Powerful and connected smartphones and tablets have penetrated every facet of our personal and professional lives and are used continuously over the course of the day. • Employees increasingly want to use their favorite mobile device for personal and professional use. They want to store personal data and install Internet games on devices used to access enterprise applications and data. Summary: The BYOD Challenge BYO Rationale • User Perspective: – Desire for one device and phone number, not two – Desire to fully own the decision process when selecting a personal device – Desire for the latest and greatest gadget • Company Perspective: – Increased staff productivity due to better morale & hardware – Potential to reduce hardware, monthly service, provisioning and ongoing support costs • IT Department Perspective: – Potential for reduced IT staff workload as users move off employer provided devices and onto BYO devices BYO Challenges • Security – Enterprise data confidentiality, integrity and availability – Liability for personal data (wipe, central storage) – Defining the security perimeter • Applications – Impact of heterogeneous device environment on application development and support requirements • Support – Device certification, provisioning and management • Cost – Potential loss of corporate-level volume discounts because of personal purchase. Enterprises should align user mobility expectations, IT capabilities and the needs of the business. Failure to act may increase security risk as unmanaged mobile devices continue to connect to the enterprise network. Source: Deloitte
  • 1. Sexting, sexual harassment, and discrimination 2. Social Media Content 3. Off the Clock/ Overtime liability 4. Distracted driving/ Workplace Safety 5. Unsecured data/ Lost Devices. 6. Litigation Holds BONUS CONTENT: 1. Criminal Liability? 2. Terminations and Wiping Devices 3. Performance Management 4. International Law
  • •40% of adults up to age 34 admit to “sexting.” •Text more casual than emailing (if you can believe it!)
  •  New problems: • Snapchat • Instagram
  •  Exhibit A: No longer he said/ she said – PROOF.
  •  BYOD PROBLEMS: • Not owning the device takes away a level of control • Less control over content – can’t spy on employees’ use of Facebook (or can you?).  Discrimination: Access to employees’ devices may mean employers have more information than they want • Porn? • Genetic Information Nondiscrimination Act (GINA)-related concerns. • E.g., Diabetes Management App?
  •  Blocking Social Media Sites from Company Network does not block those Sites from BYOD devices  Racist comments posted on Twitter or a photo of an employee trespassing (even if it's done as a prank), can be used as evidence in a lawsuit that also names the employer as a defendant.
  •  Non-exempt workers with devices presents problems (BYOD or not).  Universal Problems: • Texting: • Managers texting non-exempt employees re: scheduling or before-work errands • Employees texting re: tardies, changing schedules (how does this affect FMLA notice?)
  •  BYOD problems: • Non-Exempt Employees with work email on personal devices may be more likely to continue to check emails/ work after they leave. • I.e., How do you distinguish when you are working versus not with your own device? • Exempt employee on leave of absence may work on smartphone or tablet, accessing email and checking in on projects, etc. • If employee does work for more than a de minimis amount of time – typically lasting longer than a couple minutes – she may be entitled to an entire week’s pay.
  •  Do you believe your company could be liable for injuries sustained while driving and using a device? a) Yes b) No  Would (should?) liability be worse if it is Company-Owned or BYOD? a) Yes b) No
  •  $24.7 million involving a 2008 crash in Missouri that killed three people and injured 15. • Driver of tractor-trailer was checking his phone for text messages; his truck ran into10 vehicles stopped in backed-up traffic on freeway. • A plaintiff who sustained serious brain injuries, leaving him paralyzed and unable to walk or talk until his death in 2011, was awarded $18 million; $6 million was awarded to the family of one of the deceased; and $700,000 was awarded to a victim who suffered broken bones.  $21.6 million award for a 2007 crash in Ohio • driver rear-ended vehicle on freeway in company car, causing the vehicle struck to cross the median into oncoming traffic - one fatality at the scene. • Cell phone records showed employee driver was using cell phone at the time of crash.  $16.1 million settlement for a 2001 crash in Arkansas • lumber distributor salesman crashed while talking on his cell driving to sales appointment. The crash severely disabled a 78-year-old woman.
  •  Trade Secrets • Did you REALLY protect them if they somehow made their way to an employee’s personal device?  Sensitive Data about Clients/ Employees • Soooo easy to access • Possibility it could be used against your company in court  Shared Devices (friends, family, neighbors. . .)  Insecure Mobile Access
  • http://www.milner.com/company/blog/technology/2013/08/26/the-risks-and-danger-of-byod
  • • FRCP 34 • party must preserve and produce responsive docs & electronically stored information in its possession, custody & control. • Control ≠ party having legal ownership or actual physical possession. • Control = the right, authority or practical ability to obtain docs from nonparty. • Likely employer “controls” work product employees create in furtherance of their employment. • Employers have to collect and produce corporate documents by request even if the documents are in the employee’s home???
  •  Spoliation Sanctions Awarded after defendant corporation failed to preserve or disclose any text messages from a key defendant’s cell phone in response to the plaintiffs’ first discovery request • http://www.krollontrack.com/resource-library/case-law/?caseid=26480
  • • No allegation that company issued cell phones to company or that employees used cell phones for any work-related purpose • Court ruled that the phone and text messages were not in company’s “possession,” and therefore they had no obligation to produce. • But limited to a failure to plead issue. • Case recognizes that it is difficult, if not impossible, for employers to fully control employees’ usage and deletion of data on personal devices. BYOD might actually help with spoliation issues? http://www.lxbn.com/tag/cotton-v-costco-wholesale-corp/
  • 1. Performance Management – Close your eyes! • If IT has access to the personal content on phones as well as business content, how do you close your eyes to ONLY manage business- performance? • You may see things on device you don’t want to see. 1. Criminal Liability? • Once a device is used to perform work, employers have the right to the information on it--and they can be held accountable for any laws broken through its use. 1. Terminations and Wiping Devices • Most targeted “wipes” require employee to hand over device • You can typically wipe the entire device remotely, but will wipe ENTIRE device. 1. International Issues
  • http://www.eweek.com/mobile/slideshows/byod-brings-benefits-but-dont-ignore-the-risks-isf.html
  • 1. Require employees to consent, in writing, to allow the company’s access to its data on their devices. 2. Check Union Contract 3. Restrict BYOD usage by company executives, legal, HR, and other members of your organization who are privy to highly confidential company information 4. Evaluate which other employees you will permit to BYOD (nonexempt?) 5. Install MDM (mobile device management) software 6. Restrict employees from using cloud-based apps, cloud-based backup, or synchronizing with home PCs for work-related data (hard to enforce) 7. No use by friends and family members!
  • 8. Rethink your Exit/ Termination process 9. Clear statements that include consequences (i.e. if you are caught sending sexually explicit texts in the workplace you could face termination) 10. Training programs to address mobile liabilities 11. Heightened security measures like remote wipe and other capabilities 12. Users acknowledge that they understand their personal devices could get confiscated for unspecified periods, in the event of a legal hold. 13. Explain How Much Device support employees will receive 14. Keep track of the BYOD devices in use to ensure adequate document retention and preservation
  • Anne Dill Corporate Associate General Counsel Mia Belk Senior Counsel Shirley Hart National Leader, End User Technology Teresa Rider Bult Managing/ Administrative Partner tbult@constangy.com