Best Practices for Mobile Privacy in BYOD
acullen | February 25, 2013
Privacy is top of mind for every enterprise deploying BYOD programs. A few months back we posted a thoughtful report from analyst Richard Absalom of Ovum called “International Data Privacy Legislation Review: A Guide for BYOD Policies,” which reviewed privacy regulations across eight countries and assessed the impact of those regulations on BYOD policy in the enterprise.
Credible privacy programs will be one of the most important factors in employee adoption of a corporate BYOD program. Though employees using corporate-owned devices also have concerns, employees using personally-owned devices are especially worried about the implications of enrolling in a program where IT will exert some level of control over device and data. It is a complex topic, and employees don’t always know where to go to get answers on privacy questions. Some will just avoid risk and choose not to participate in a BYOD program. Others will escalate to Human Resources, and IT may find itself scrambling to provide a statement on just what they can see and do on mobile devices. Some even contact us directly – our Support team fields a large number of requests on this topic from end users.
The first best practice for IT is to get ahead of these questions and provide this information up front to employees. Then they can make informed decisions about whether to participate in the company BYOD program and which actions they may or may not want to take on their device.
The good news is that employees’ worst fears are rarely realized. The consumer devices that have flowed into the enterprise simply don’t provide IT the level of usage monitoring and control that would make many employees decide that they would really rather carry two devices.
The second best practice is to detail not only the access IT might have to a device, but also why this level of access may be necessary and what the circumstances would be under which IT would use it. For example, some employees might be concerned that their mobile administrators could view the apps that are installed on their devices. Explaining that this level of access is necessary to ensure that malware can be spotted will help assuage employees’ fears and enable them to make a rational decision on whether or not to participate in the program.