With many companies increasingly allowing – and in many cases encouraging – the use of personal devices for work-related matters, a recent CCBJ webinar highlighted the importance of implementing a Bring Your Own Device (BYOD) policy.
The iPhone debuted in 2007, and in the decade since then, smartphones and other personal electronic devices have become ubiquitous – in society at large and at work. It used to be that employers supplied whatever computers and other technology their employees needed – and had restrictive policies about the use of personal devices – but these days, employers are more likely to accept and even encourage the use of personal devices for work purposes. On the surface, BYOD programs seem like a good idea, and companies with these policies often tout benefits like lower IT costs, increased productivity and higher employee morale. However, as the line between work life and personal life blurs, so does the line between employee and employer ownership of the data on these devices. This creates potentially serious problems in terms of the preservation and collection of electronically stored information (ESI) on personal devices that are used for business purposes.
Corporate Counsel Business Journal recently collaborated with digital forensics specialist AccessData to conduct an online survey of in-house law departments about corporate policies related to BYOD programs and personal device use for work-related matters. The results, presented in a webinar, indicated mounting concern about discoverable data on those devices.
According to Tod Ewasko, director of product management and development for AccessData, the challenges at the intersection of BYOD and e-discovery are significant. “BYOD seems like a cost savings initially, but on the other side of the coin, it becomes unfeasible for IT to manage,” he says. “When it comes to forensic and e-discovery collection of data, getting it off those devices can be a nightmare.
The survey results reflected just how dire the situation has become. A whopping 85 percent of respondents reported that discoverable data on personal devices “is a concern.” Nearly 70 percent of companies reportedly allow the use of personal devices for work-related matters – and that number is rising fast. But that doesn’t mean companies are prepared for the risks involved, many of which arise from e-discovery in the course of litigation and from the data identification, preservation, and collection requirements associated with government and internal investigations. Indeed, nearly 40 percent of companies reported that they do not have a BYOD or personal device policy at all.
In such an environment, the cost savings associated with the advent of BYOD programs can diminish quickly. Many companies are struggling to grapple with this unexpected new reality, either revising their policies in this area or creating them for the first time. With that in mind, Ewasko has laid out a step-by-step process that organizations can use to ensure that their BYOD programs are on solid ground. That process, as well as the complete results of the survey, can be found in a comprehensive white paper titled: Do Benefits of Personal Devices at Work Outweigh Drawbacks?