Slashdot Mirror
Employee-Owned Devices Muddy Data Privacy Rights
snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"
Who profits by muddied waters? Wasn't this all figured out decades ago when employees got home telephones and occasionally talked business on them?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
That should invalidate a trade secret, seeing how insecure that is. Unless they use encryption (just kidding, I know they don't).
If InfoWorld cannot get enough hits on his articles by themselves (see other discussions here) then why does Slashdot have to link to them?
How to thwart the high priests of IT
http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it
Seriously?
I've kind of felt that personal devices like phones and such should be treated as extensions of your own mind. For example, they should be covered by the fifth amendment.
This means, from a trade secret standpoint, that transmission of the secret from your device to an unrelated third party should be treated as if you personally wrote out the trade secret and sent it. And if your device was hacked, it should be legally treated the same as if you were conned into revealing the trade secret. But you employer should have absolutely no rights with regards to examining what's on your device. It should be treated as a black box.
Need a Python, C++, Unix, Linux develop
This is an issue employers have ignored for years. I brought this up to my employer several years ago as an upcoming issue in the future and no one wanted to hear it. They insisted their what you can do with our devices on our network was sufficient.
A few recent submissions to Slashdot have been from end users complaining about miserly IT overlords refusing to allow personal devices onto the network, and telling the end users "No you can't." These articles were all written from the manager's standpoint, whereby they figured if their use of their personal devices was going to allow them to be more productive, then there was no reason to say they couldn't use them. Right? Well, the legal issues surrounding them are a very good way to say "wrong." Between all the compliance issues and security risks that personal devices entail, the legal headaches and challenges that could ensue if something goes awry should be enough of a deterrent for most businesses.
Occasionally living proof of the Ballmer peak.
There are a few things that the users who want company (email/data/whatever) on their personal (iCrap/PC/whatever) don't think about.
1) Is the remote wipe functionality such that if I have to zap your device it will only nuke the company data? Are you willing to lose ALL the data on your phone? I've heard about folks suing their employers over this.
2) If I suspect you're up to no good and you're using a company device I can take that device and conduct forensic analysis on it. If it's your personal device I can't force you to surrender it.
3) Are you willing to pay for whatever security software IT mandates?
I know there are some Mobile Device Management packages out there working on this, and hopefully the best practices will all be sorted out soon. However coming up with these best practices (and buying the software/etc to support them) is not free. So to the employee they think "Hey, this doesn't cost you anything! I bought the phone!" But they don't see the TCO at all.
"Where quality is like a dead stinking rat - you just can't miss it."
That series of articles was written by the same guy writing this article.
Which are exactly the points that everyone here brought up in response to those previous articles.
And those reasons are the reasons why companies do NOT do what he claims that they ARE DOING now (and the point of his previous articles).
Who "owns" the work you do for the company on your personal computer? What rights does the company have to your personal computer when you leave?
Why even get into a discussion of that? The company issues you a laptop to use at home and you are supposed to use that laptop for company work. When you leave, the company gets the laptop back.
No questions. No problems.
But simple solutions like that do not generate articles about how companies are allowing employees to bring whatever they want into the company and connect it to the company's private data.
Even though he had not interviewed a SINGLE CIO from any company in the health-care industry stating that they did what he claimed they did.
Many large companies have very simple policies about this for this very reason: ABSOLUTELY NO DEVICES NOT COMPANY SUPPLIED ON THE NETWORK. If the company is counting on trade-secret status for things like customer lists of course this is going to be in jeopardy once the customer list is loaded onto a non-corporate-owned device. It is at least going to open the door sufficiently that it is going to be very expensive to litigate in the future.
You can easily envision the employee with the customer list on their personally-owned phone walking into their new employer with what they feel is a leg up on all the other sales people. It's on their phone, it is their list of contacts that they have been dealing with for years and now they can offer them new stuff from their new employer. Why not, right? Well, if you do it with paper you are going to get sued. My guess is that if you do it with your phone it is going to be a lot more complicated than it would have been before.
A large part of the problem is that some companies simply do not understand the ramifications of having their supposedly private, secret information scattered about. They plug in a wireless router on the internal network without thinking it through, perhaps comforted by the knowedge that they used the best 26-character WEP password they could think up.The president brings in a iPad into a completely Windows-centric environment and wants to be able to use it with company data - not knowing that the application makes a static copy of the entire database on the device.
Yes, there are some nice nifty devices out there that the company hasn't seen fit to buy yet. That doesn't mean they should be on the network. And the whole question of user-owned devices being securely within the trade-secret umbrella or not is one that will only be resolved through a lot of court cases. And some people would do very well to remember that it isn't the successful business that gets to be one of the "first" in litigation.
Email, flash drives have already created the problem. Once an email is sent, it can be copied without goverence, at least it can be tracked. Flash drive access is another story (stuxnet). A device or media does not really protect a trade secrete, loyal staff and information policies as always is where protection is best started.
That is a big one as well.
what about companies that make you buy / pay part of the cost of there system??
Now if they are forceing you to buy there system then you should be able to install any game or app you want but what about mixed cases where the company and you both pay for the system who own's it and who has the right to data and out of work use?
The Congress shall rapidly remedy it, in employers' favor. What, are you against campaign financers job creators?
ICO issues guidance about private emails, reminding the public sector that the Freedom of Information Act covers private emails if they are used for business matters.
"Christopher Graham, the information commissioner, said: "It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to freedom of information law if it relates to official business."
Not really a device thing... but related none the less.
This sort of things seems to me common? Seems to be a cultural divide.
There are two groups of people at my company when it comes to IT Home/Work segregation when you get past those who don't want anything to do with computers and such.
Group 1: Get work appliances and take them home to use as home devices. So much so that we occasionally have to contact these employees and explain we need their cellphones, laptops, etc. devices back as they belonged to the company. No, we did not care that they would be able to use facebook or have a phone until they got new devices from their new jobs.
Group 2: Bring in their home phones, laptops, etc.
Group 1 tends to be upper management. Group 2 a random lower manager or two, supervisors and hourly.
__
One quick tangentially related question:
IT purchasing freeze. They want to keep their user@company.com emails for prestige appearance, but haven't decided yet to renew the company.com domain name that is up Wednesday. I'm seriously considering just buying it myself and filing for reimbursement since it falls under my job duties to renew it, if they would give me the money for it.
I'm afraid of following scenarios:
1) I don't do it we risk losing it and someone taking it and using it against us by setting up a webpage and/or using it to get emails sent to that domain.
2) I do get it, but the company owns it and refuses to reimburse.
3) I do get it, I have ownership now. I become Terry Childs 2.0.
A trade secret hasn't left the control of the company just because it is on my personally owned device - as long as I have a legal duty not to pass it on any further. As an employee, I would have that duty, just as any outside company or person under NDA would have.
Life is pretty fucking simple:
- the company's data belongs to the company
- the individual's data belongs to the individual
- customers' data belongs to the customers and is protected by law
So don't allow customer data onto insecure personal devices, decide whether you'll allow company data onto those devices and accept that your employees will have data you don't control on them.
Shit, I work for a bank, I can think of a dozen ways of permitting end user computing in the office without breaking any FSA regulations, the law or unreasonably jeopardising the company.
You can not own the information..
I don't know if you can own information, but there is definitely a concept of secrets and privacy. Your own thoughts should be protected so that you can think freely without fear. By extension, it's reasonable to imagine that companies should be allowed to have trade secrets. Just as it would be upsetting if people set up a scaffolding half a mile away and directed a super long zoom lens into your bedroom; even if they did it from their own property; it's reasonable to allow companies some ability to protect trade secrets.
It seems to me that this, where you are restricting the right of someone to spy on information which is held primarily by the company, is on much stronger ground than copyright, where you try to restrict someone else from saying something which is already in their mind.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Make it say if you do not sign off on the funds to renew our web site name (add more to make it sound like it's not the severs) can end up sending people to a other company or maybe even end becoming a porn site. Put in links to other dead web sites maybe even goatse.cx saying some other person can buy our site and trun it in to that.
Saying this doesn't make it so, and it has nothing to do with self-centered sociopaths. There are many legal theories of information ownership, and they're time tested, and in some cases, needed. Your "coincidences" suggestion summarily dismisses any argument. You should go into politics.
---- Teach Peace. It's Cheaper Than War.
When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control.
Bullshit. You might as well claim that trade secrets are invalidated if the employee takes written notes home from a meeting because, after all, "they've left the employer's control". Except that employee still has a legal obligation to not spread those trade secrets to unauthorized parties...
don't bring any external electronic devices in whatsoever - keep 'em in your car, and if you get caught, you're instantly fired!
sheesh!
As I've posted before ...
The purpose of corporate IT is to ...
allow company approved people to
access company data
using company approved apps
on company approved hardware
at company approved locations
with company mandated security methods
on the company approved IT budget and staffing level
to keep the company in business and out of court.
And I think that is the core problem there. He is a writer.
It does not matter what device a writer uses to write his articles.
It does not matter what software a writer uses to write his articles (as long as it can do ASCII or whatever).
It does not matter what email app a writer uses to send in his articles.
It does not matter where a writer writes or where he sends in his articles from.
But going from that experience and generalizing to something like the health-care industry ... he's an idiot.
So why does Timothy keep linking to his articles?
I think the argument that trade secrets are revealed because the employee's device is outside the company's control is somewhat invalid. The device may be outside the company's direct control, but technically so is the employee's brain and mouth. The employee, however, is within the company's control, thanks to the agreement the employee signed about how they'd handle the company's secrets. Since the employee's device is within the employee's control, and the employee's agreed to handle secrets in an appropriate way, the company's got sufficient indirect control to keep the secrets secret. If that weren't the case then telling the employee the secret in the first place would expose it, since the employee's mind isn't under the company's direct control and the only control exerted is the same agreement about how the employee will handle those secrets.
Cloud storage is another matter, but solving that will require a massive change in the law: making it so my e-mail is mine, period, and you can't serve a subpoena on the server operator to gain access to my e-mail, you have to serve the subpoena on me.
The answer to that is to say no to such arrangements. They're risky for both the employee and the employer. Also, the employer shouldn't be asking the employees to subsidize them with free or reduced-cost equipment.
It doesn't muddy the rights. All the potential problems involve unintentional (on the part of the company) release of the information to third parties. The employees are supposed to have access to company information, but aren't allowed to disclose it to third parties without permission.
Probably not. But that is only half the question.
The other half is ... can it leak company information via your wife's "phone, desktop, tablet, work laptop, home laptop, etc".
And for that answer, you have to postulate massive infection on your wife's device. And a Russian cracker on the receiving end. Can that Russian cracker use the information gathered to impersonate your wife and gain access to the company's private data with her credentials?
With a company-owned device, the company can ensure a minimum level of anti-virus / patches / whatever to "prove" in a legal sense that the company took reasonable measure to prevent the breach.
You are forgetting that there are different rules in different jurisdictions. What might work in your state/country might not work in others. That also has to be considered.
-- I ignore anonymous replies to my comments and postings.
Payola
How common is this arrangement? The closest thing to this that I've seen is with home-based employees who pay for their Internet access, which of course is factored in to their salary. Contractors may be another case in point, but then the questions you asked should have already been answered in their contract. It's definitely not something to be ignored until things go wrong.
Simple fact, Ajaxco might very well make the best widgets out there at a fair price, but NOBODY gives a crap about it's email. NOBODY.
Some people might care about customer credit cards, and so those shouldn't be on ANY mobile device, no matter who owns it.
If somebody finds a lost cellphone, they will do one of 3 things.
What they won't do is try to auction off the incredibly valuable minutes to the last weekly meeting everybody slept through or the contents to the many MANY emails from that guy that doesn't realize there is any option but "reply to all".
If you have data that falls under HIPAA, treat it like credit cards. That is, it doesn't go on mobile devices no matter who owns them. If absolutely necessary, let it use an RDP or VNC session to a company owned server somewhere.
Congrats, it now no longer matters who owns the device.
Use the employee owned mobile device as an ACCESS device, not a storage or processing device. Google Citrix Goldengate.
My device, My data. if you want control over it, then stop being a cheap bastard and buy me a iPhone and you pay for the data plan and cellphone service.
If you want control, you have to pay all the costs. Otherwise, stuff it in your gold plated urinal.
Do not look at laser with remaining good eye.
Can we please ban infoworld links for a while?!?! In the last two months, everything that linked to an article there was complete and utter rubbish!
I think this is quite straightforward. A company can be responsible for the interfaces that are provided to internal data to none-company devices and the data on company devices. Outside of that the responsibility stops with the end user (employee/customer/guest/consultant/whoever) and the company's usage policies should mirror this and breach of these constitutes breach of contract and therefore liability for damages.
Company decides what can be done with comany equipment, I decide what can be done with mine. No problem!
Company decides what equipment can be connected to their network.
Company owns the work I do on company time, I own the work I do on my own time. (No, I wouldn't dream of signing a contract where the employer get rights to stuff I program in my spare time at home. But of course they will fire me if I actually compete with them in any way or form.) No problem here either!
This is a terrible argument. So, if someone uses their personal phone for work related things, work is relinquishing IP?
No... I dont think so.
And unless you have a creepy workplace, they wont exactly be able to install monitoring software on your personal phone unless you sign something allowing them to, in which signing this also allows them other rights such as monitoring your texts, thereby making your texts work related regardless if personal or not.
I would make employees sign a "this business can wipe your personal phone if you leave to protect its IP, which may be in emails sent to your phone.", otherwise they wont have email setup on that phone.
It's not just an issue of protecting "trade secrets", but of protecting customer information in compliance with law and being able to prove that corporate decisions are made in compliance with law without collusion and back-room deals.
Most employees (including a HUGE segment of the Slashdot crowd) do not understand the fundamental reason companies do NOT want you using "personal devices" to do business, but to use the company-provided equipment instead.
The company's obligation to legal and ethical requirements to protect and manage data FAR outstrip your desire to use your iToy at the office.
I do not fail; I succeed at finding out what does not work.
For now, anyway, have a device for work (owned and controlled by work) and a device for home (owned and controlled by you). Sharing doesn't work.
To get companies back to power and use more blackberries...ewwww
-Xen
If the device (phone, Tablet or PC) does not belong to us, it is not getting connected to our network. This is absolute - for secretaries, doctors, nurses or whoever else you care to mention.
Sometimes we get new starters showing us their BlackBerry/new iPad/laptop/whatever but we just show them the documentation and that is usually the end of the story.
Our "Service Desk" (Help Desk) know this and tell people. It is interesting that those at the top of the tree and those nearer the bottom both seem to be able to take a telling. We do get people from the middle demanding to speak to someone higher up. These people feel that they are so special that the world has to make special allowances for them. The answer does not change.
I'll see your Constitution and raise you a Queen.
is to this very reason, if you take the likes of yousendit and box they encourage user to bypass corporate governance, however if you look to the likes of Axway, IBM and smaller players like http://www.thruinc.com the focus is still on IT and the problem of taking your own device to work is not there anymore, as devices are incorporated into the policies and use the same tools.
this is just because IT can't control it, they start to scream
Already done. I told the immediate person on the communication change that this would be the case two weeks back. I'm not allowed to talk to his superior who is the one making the decision.
4) Quit the company and work for one where the idea of being "not allowed to talk to" someone is ridiculous.
Seriously? You're not allowed to talk to someone at your own company?
First, It goes without saying that it depends on what kind of stuff the end-user is doing. If this is the average company, it would probably be ok to have a secured part of the phone which is completely managed by the company, and the rest of the phone would be controlled by user. This wouldn't be perfect but could provide some level of assurance that email accounts/ company info could be managed in a reasonable manner. However those dealing with real trade secrets, or other highly sensitive information, should stick to separate devices. Its all based on the risk of data loss/ cell phone compromise.
Not everybody has the talent to be a good author (I don't fool myself). Some writings get muddled, and some responders simply interject confusions. The topic(s) of ‘data privacy rights’, why they are needed, and including who is subject to adhere to regulations concerning them, why they are subject, when they are subject, and the regulations themselves, all deserve to be logically discussed .. . .. .Because there ARE regulations. -Regulations concerning information that a person or other entity may hold [about] another person, or other entity, which, if obtained by an unauthorized 3rd party, could be used in an unauthorized manner. (If you legitimately [authorized] collect and save someone else's information, you have a responsibility to protect that information from unauthorized access, viewing, collection and\or use. And, generally, authorized for your use does not authorize you to authorize any other person or entity.)
The Ops’ title is: - “Employee-Owned Devices Muddy Privacy Rights”
- Business and Tech headlines lately are loaded with mentions about, and references to such things as, “Bring your own device to work(BYOD)”, “Commercialization of Corporate IT”, etc., etc., which talk about employees using their own devices to access work-related assets, for different reasons.
As is pointed-out in various comments above, the persons or entities that are subject to the aforementioned regulations are required to take ‘reasonable steps' to comply with those regulations.
It is NOT reasonable to ‘assume’ an employee’s personal device is and will remain to be ‘in compliance’ with the subject regulations, therefore, it is NOT a ‘reasonable step’ to openly allow employee-owned devices access to the internal information.
The computer systems we saw on television, Star Trek and the like, will one day govern us; but not yet.
cjacobs001
I find it remarkably odd that people are spending any time at all considering how to protect company secrets when companies spend practically none of their own time thinking of ways to protect ours...
I've never here'd of such a thing.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
It's not just an issue of protecting "trade secrets", but of protecting customer information in compliance with law and being able to prove that corporate decisions are made in compliance with law without collusion and back-room deals.
Most employees (including a HUGE segment of the Slashdot crowd) do not understand the fundamental reason companies do NOT want you using "personal devices" to do business, but to use the company-provided equipment instead.
The company's obligation to legal and ethical requirements to protect and manage data FAR outstrip your desire to use your iToy at the office.
Posted from my iPhone.
There I fixed it for you. ;-)
Keep the Classic Slashdot.
That "by extension" bullshit is exactly that - BULLSHIT!
A company is not a person, and companies are not eligible to be considered as persons. The rights of people are not properly extended to corporations.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
You can not own the information. Anyone thinking otherwise is deluded fool. Coincidentally, those type of people are self centered sociopaths too.
Is there another kind of sociopath?
And moderators - just because you don't agree with, or understand something - why moderate it troll?
Shouldn't you be moderating up good posts - and if, if, something is particularly offensive, like APKs sad host file binges, moderate it down?
Just thinking.
A corporation is a joint effort of one or more people. Are you saying that individuals should be stripped of rights when they start to cooperate?
You do not have a moral or legal right to do absolutely anything you want.
What do you mean by IP (I assume "intellectual property")? Trademarks? Copyrights? Trade secrets? Patents? For each of these the answer to your question would be different.
For example, if I use your trademark in order to identify your product there is nothing you can do about that even if I say "ACME(TM) screws are a piece of garbage". On the other hand it makes absolutely no difference to your ability to protect your trademark and you don't need any contract or thoughts in place.
With trade secrets, I would see letting it get onto someone's device as similar to getting it into someone's brain. It shouldn't cause a problem as long as a) you have an ongoing business relationship with the person and b) a contract which protects the trade secret. If, however, you didn't have a contract you would be lost.
"Intellectual property" is a terrible term which groups together a bunch of unrelated things. It would be much better if you specified which parts you want to discuss and what you are afraid of. Grouping these things together just confuses people, which seems to be one of the main reasons that lawyers do it so often.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I'm saying that those individuals have the right to keep a secret between themselves. The company does not become a person, simply because those people decide to become a company. "By extension" implies that a company is entitled to the rights and considerations that an individual is entitled to.
The fifth amendment, for instance, protects me from being forced to testify against myself. No such protection is afforded a corporation. When Uncle wants to examine any records, or question any employee, affiliate, officer, or representative, the company cannot plead the fifth. Any individual within the company might do so, but the company cannot.
I could go on, but my point is, it is harmful to society to even make statements that seem to imply that companies have legal status as persons. They are not. You cannot extend the right to life to a company, nor the right to procreate, nor the right to vote, or serve in the military.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Hat tip for you:
This article is by Galen Gruman, finally getting around to the other side from his "I hate IT, all IT people are stuck up overlords who won't let me have a toy to play Farmville on at work" garbage.
Infoworld has so caught on to his blitherings that they pre-emptively disabled comments on his latest column.
I don't understand why they don't just fire him. He must be related to someone in charge.
Proof that corporations are not people:
- If I were to drive drunk and run someone over, I'd be doing 5-to-20 for vehicular manslaughter.
- Meanwhile, when some drug company fucks up and kills thousands of people, they get a slap on the wrist from the FDA and laugh all the way to the bank when their bought congresscritter awards them yet another contract.
This of course upsets recent school leavers who are used to lots of freedom to goof around, and not be treated like battery-farmed animals. They want their shiny macbooks and tablets, so they gave their plan an acronym to make it seem legitimate - BYOD - and claimed that bringing your own device saves time and money (the reality being that a computer for most staff is less than a week's wages), so that they could smuggle OSX and iOS devices into the workplace.
This creates lots of headaches.
Some say that it doesn't matter if the BYOD computer is only accessing web services, so is really just a thin client. Others might argue that it's more about power and control, forcing traditional bully-boy IT departments to relinquish their overly tight controls. Some say that users should stop wanting to goof around on their computers at work. Others would say "get the fsck off slashdot and back to work, bitch".
Why?
1. I don't want to carry two cell phones with me. If the boss wants me on call after hours, then he can use my own number.
2. I don't use MS. I'll use my mac, with linux running in virtualbox for developement. Yes, if they insist on using some MS programs, I;ll run VB for winsnooze too.
3. I may have different ideas of what software to run than the company does.
How much of this to allow is a company decision. They pay the coin. They set the rules. In many industrial sites here you have to wear Nomex coveralls. Not permitted on the job site without them. I don't choose to work for those outfits.
I walked into a job interview at HP.. My interviewer was wearing a 3 piece suit. Five minutes in, I asked, "Is suit and tie expected wear here?" "Why yes it is" he said, surprised. "I don't want to work here. I don't own a tie, and have no intention of starting now."
Another job wanted me on call with their own cell phone. I demonstrated conclusively with 4 different phones that there was no point. I lived out of cell phone reach. They reluctantly agreed that I could keep the phone at work.
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
Any company concerned about its internal information has to be really cautious, even obstructive, about allowing non-company devices on their network, because of both information protection requirements and malware risks to other devices on the network.
People complain about the control-freaks in the IT department, but there are very good reasons that they have to exert this type of control. Yes, it's possible to be too paranoid about security (or is it?). But controlling whose devices access the network and what applications and capabilities exist in those devices is not paranoia nor a domination game. It's self-knowledge for the company. Remember, that apart from someone's job role, a large company has no way of distinguishing knowledgeable techies from PEBCAKs would click on every antivirus scam site that displays a popup on their desktop. For those companies, opening BYOD to all employees is equivalent to a home user removing the firewall from their router and just letting all the internet into their home network.
We are the 198 proof..
It's not unclear to anyone with a brain. This is nothing new. The moment the internet went live, this "problem" started - can you say "email"?. Actually, it pre-dates the internet. What if someone takes a printed company document home with them in their personal briefcase? Our new fangled technology hasn't changed any rules. The rules are the same. Like I said, anyone with a brain should know this...
Companies do not have any rights to gain access to an individual's property - whether it be someone's home, briefcase, or iPhone. Likewise, company property (like a financial report or an engineering document) belongs to the company regardless of where it resides - whether that be on a company computer, in a file cabinet, an employee's iPhone or in someone's briefcase. Each party has a responsibility to respect and protect each other's property. Nothing is invalidated. What nonsense. Sounds like lawyers looking for a new way to sue, claiming that "times have changed." Hogwash, nothing's changed, only the tools are slightly different. The same rules of integrity apply regardless of what the tools are. Sheesh.
Am I unique in wondering where all this is going? and who is behind this constant Chicken Little fearmongering, particularly in the US.
As a 45 year industry veteran, with PhDs in Computer Engineering and Recht (law) I can tell you that this FUD (3 x, recently on /.) is absolute
nonsense especially in the US Sox context.
First, I have never has an IT (Sysadmin from Hell) wacko rush up to me to tell me I can't use my own Pen/Ink/Notebook. I can write in Green on Yellow paper and these fools will stay far away as they would be laughed at, but if I try to use my own PC/SmartPhone/Memory stick these guys are all over me with complex arguments which add up to we must have control. Well no, HELL NO.
Company data, including Letters, e-mails and other corporate data must go through Corporate Server so it can be backed up and controlled, anything I do is private until I route it through the company, say for example via a VPN. Anything else is stupid and stupid dosn't make money.
MFG, omb