Slashdot Mirror

← Back to Stories (view on slashdot.org)

Employee-Owned Devices Muddy Data Privacy Rights

Posted by timothy on from the ownership-is-theft dept.

snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"

6 of 165 comments (clear)

  1. Who profits by muddied waters? by vlm · · Score: 4, Interesting

    Who profits by muddied waters? Wasn't this all figured out decades ago when employees got home telephones and occasionally talked business on them?

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    1. Re:Who profits by muddied waters? by vlm · · Score: 5, Interesting

      Back then you couldn't just connect a phone to another device and retrieve and make public everything that was transmitted on it.

      Sure you could. Darn near 30 years ago my father had a terminal at home hooked up to a printer. And 40 years ago my grandfather had a reel to reel tape recorder hooked up to the phone (business purposes, something about dictation services and the then new concept of documenting conference calls with engineering consultants). This is old old old old case law. So I ask again, who profits by dredging this up and muddying the waters with a fake sheen of newness?

      See the thing about IT/CS, is there's never really anything new, its just all recycled over and over, everything, and the noobs always think they as the youth of American are the ones who invented it. There is some old saying about every generation of teenagers think they're the first generation to invent 1) rebellion and 2) music and 3) sex and everyone old enough to see the pattern just laughs.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  2. UK Information Commissioner Office issues guidance by Rob+the+Roadie · · Score: 4, Interesting

    ICO issues guidance about private emails, reminding the public sector that the Freedom of Information Act covers private emails if they are used for business matters.

    "Christopher Graham, the information commissioner, said: "It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to freedom of information law if it relates to official business."

    Not really a device thing... but related none the less.

  3. where's the muddiness? by Cederic · · Score: 4, Interesting

    Life is pretty fucking simple:
    - the company's data belongs to the company
    - the individual's data belongs to the individual
    - customers' data belongs to the customers and is protected by law

    So don't allow customer data onto insecure personal devices, decide whether you'll allow company data onto those devices and accept that your employees will have data you don't control on them.

    Shit, I work for a bank, I can think of a dozen ways of permitting end user computing in the office without breaking any FSA regulations, the law or unreasonably jeopardising the company.

  4. Re:Why link to another Galen Gruman article? by Moryath · · Score: 4, Interesting

    What's really funny is that Galen "I'm a fucking moron" Gruman just wrote this second article, which was the answer to why those supposed "high priests" - really, IT people trying to implement the policies put forth by PHB's high up the chain and legal teams trying to stop the risk of trade secrets going out the door - did the things he didn't like in the first article.

  5. Re:Simple, really by vlm · · Score: 4, Interesting

    ...ABSOLUTELY NO DEVICES NOT COMPANY SUPPLIED ON THE NETWORK. If the company is counting on trade-secret status for things like customer lists...

    Funny you should mention this, to work around that agony, at a previous financial services employer, the field techs had the customer site data in plain text email as attachments, which the field circus techs had access to via internet webmail. Boss/supvr was gatekeeper and responsible for email forwarding the most recent customer data snapshot to any of his techs that requested it from him.

    The problem with hollywood movie plot based security is that it usually completely misses the mark of real security issues. If it takes 30 minutes of biometric and two factor security to get some data, what happens in the real world is one tech will simply txt message another tech asking him to email the info he needs to his gmail.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger