Charles Trentham

With the popularity of BYOD (bring your own device) soaring and more employers opting to go this route rather than investing in new hardware for their employees, data security is becoming a major concern. Facing the prospect of employees having regular access to potentially sensitive documents, emails, servers, and other information, employers need to know there are measures in place to protect themselves in the event of a breach.

Acceptable Use of Employee Owned Devices

One of those measures, and one of great controversy, is data wiping. Under more traditional circumstances, when an employer provides its employees with the necessary technology, such as cellphones and laptops, data wiping is much less of a concern. While there are cases in which employees may use company-issued devices for personal use, the company typically remains in full control of the device. If data security were to become compromised on the company-issued device, then no problem, remotely wipe its hard disk or memory clean.

It may not be so clear cut in BYOD situations. It’s likely that before an employee implements a self-owned device on a company network, said company would require an acceptable use policy to be signed. This not only protects the company in the event of breach, but it also may limit the rights of employees in these rare situations. This is where the controversy arises. In the event mobile data security becomes compromised (say if an employee left his phone in a restaurant containing work emails), the employer can hit a button and poof. Everything is gone. This includes company emails, documents, access, and everything else the person had on his phone.

Always Back Up Personal Data

If you’re an employee using your iPhone (or any device, for that matter) to access company email and documents, it’s more than a good idea to make sure you have all your personal data stored elsewhere. This data might include pictures, video, music, documents, and contacts. Some of this may already be backed up by programs such as iTunes or various cloud software, but it’s always the user’s responsibility to ensure this is the case. And many companies realise the responsibility lies with the user and may include reference to it in the acceptable use policy. You many have signed away your right to the protection against the loss of personal data and there may be no recourse if it indeed lost.

The potential data loss extends to other situations as well. What happens when an employee in a BYOD environment quits or is terminated? In this case, no company data has been lost, but it may want the insurance that none does become lost or compromised. They may very well have the right to remotely wipe all relevant devices to protect itself. At what point does this become overreach and invasion of privacy? It may depend on what was signed.

The Future of BYOD and Data Wiping

So far, however, there have been few instances when a company remotely wiped an employee’s device. It certainly isn’t widespread and isn’t something to fear when working for a BYOD company. As BYOD becomes more popular and issues of remote wiping and privacy more prevalent, app developers are actively creating programs making it easier for employers to remotely wipe data without harming personal data stored on an employee’s device. This will undoubtedly ease much of the apprehension over losing personal data, but privacy concerns may still remain.