No Foolin’ – Legal Implications of Using Personal Tablets and Smartphones at Work

Let’s imagine a scenario. You are the director or CEO of a small industrial company. You buy yourself a nice high-spec iPad as you’ve read all about the ease of use. You eventually decide it is easier to use than that Windows PC in your work office, so you take it to work and ask the IT guys to connect it to the company systems. They oblige. They even arrange to connect your personal tablet and smartphone into the company network each time you come to work. Meanwhile, someone in R&D sees a new patent for a product similar to one your company manufactures. He sees an improvement that could be built into your product and he persuades the design team to upgrade the design accordingly. They don’t acknowledge the use of the patent information. Eventually, the patent holder sues your company for use of the patent design without authorization. As part of the discovery process, the plaintiff’s lawyers request access to all senior officers’ IT equipment. So your iPad and iPhone are seized as they contain, or may contain, information relevant to the case. Did you know about the product redesign? Did you authorize it via email, maybe from your iPad? Discovering the information needed to take the case to court could take a long time. Could you function without your tablet and phone during this time? And, just as importantly, what will the plaintiff’s lawyers do with any of your personal information that they find? I don’t mean your high score on Candy Crush, but photographs you took, or personal email you sent from your tablet. You see, while connected to corporate systems, your personal tablet and smartphone are deemed to be “corporate” IT products. If there is a reason why your position in the company leaves you open to an investigation, your personal equipment may need to be searched. If it contains a mix of company and personal data, is it easy to differentiate between the two? Did the IT department install software on your device to keep company and personal data private? They might have to in order to delete company data and emails on your tablet or phone if you ever leave the company’s employment. And what do you have to do in order to protect company information on your tablet or phone when you are at home? Does it matter if your spouse uses your tablet? How about your children? Does their using the device breach data security rules enforced by your company? If you work in the IT department of a company that permits Bring Your Own Device (BYOD), you need to put into place rules about sharing of company data on privately-owned equipment, perhaps ask users to permit you to install apps to keep company data and email separate from private data and email. If you have doubts about the above information, see these articles: http://www.techrepublic.com/blog/it-security/security-policies-must-address-legal-implications-of-byod/9280/ http://www.legaltechnology.com/latest-news/comment-managing-security-and-the-implications-of-byod/ http://insights.wired.com/profiles/blogs/legal-implications-of-byod-security-measures-ineffective#axzz2wLN957fN https://www.privacyrights.org/bring-your-own-device-risks