by Rishi Khullar
on October 11, 2017
Cyber Security & Data Privacy
Legal & Industry Education
Originally published in 2016, this post continues to provide timely suggestions for employees who choose to BYOD. Don't ignore these best practices to protect your data.
Bring your own device (BYOD) programs give you the flexibility to choose the technology that comes most naturally and can help you be more effective at work. But how can you make sure your personal data is safe from prying eyes if your employer becomes involved in litigation?
The short answer is: You can’t. However, you can increase your odds by managing a work device separate from your personal device.
You can also follow some best practices to potentially minimize the attention your personal data will receive during discovery and review. Before we get to that, let’s talk about some common considerations.
Your company’s BYOD policy might require making personal data accessible in the event of litigation. In many cases, your personal data won’t be relevant to the matter, and it won’t be produced or referenced in court. However, if it’s intermingled with work data on your device, it may become discoverable, meaning someone in your organization—or, even worse, an adverse party—will need to examine it in the course of searching for data that is relevant.
Although the safest way to protect data is completely separating personal and work data on different devices, if you choose to use one device for both purposes, you may want to ask your personal lawyer or your employer’s lawyer some questions—remembering, of course, that your company’s lawyer represents the company, not you:
Perhaps, however, these questions have already been answered. This leads us to the first of our five tips for protecting your information.
Snuggling up on the couch with a glass of wine and a riveting BYOD policy may not be your ideal Sunday evening, but understanding these policies is a necessary step in protecting personal data on your devices.
It’s likely your organization has multiple policies in place regarding device security for you to review. It is your responsibility to read and understand them so you can comply holistically. Company policies extend beyond BYOD, so make sure you do your homework—and stay up to date on any changes to the policies over time.
Your employer may have integrated a BYOD policy with their acceptable use policy. These policies aim to protect data, and complying with both will help you and your employer avoid security risks.
This is where having two devices can actually simplify your life. That said, if you must use only one device for both personal and work purposes, it is best to use separate applications for work and personal data. For example, using SMS exclusively for personal exchanges and something like Slack for work can make discovery of work data simpler—hopefully reducing the need to review your personal information.
If your work becomes involved in litigation, you’ll receive a legal hold notice and your legal team may interview you as a custodian. During both of those touchpoints, if you can tell your legal team with certainty that none of your work data resides as SMS on your phone, they may be able to set aside data from that app from the start of their review.
Under certain circumstances, a device might be subject to data deletion—meaning your company can remotely wipe all data from your device. This is most common when a device is lost or stolen, and it ensures none of your information—personal or professional—lands in the wrong hands. Your device may also be subject to this process if you leave the company.
You don’t want to be caught unaware of this process in a stressful situation—you’ll have enough to worry about when you’re taking off on a flight home from a conference and realize you left your phone on the seat back in the terminal. The added surprise of having all family photos wiped from your device will be aggravating. Look for answers to the following questions to ensure you’re fully aware of these practices before disaster strikes:
In addition to protecting personal data from litigation, follow proper security measures to make sure your data is safe from hackers. As evidenced by the recent Apple-FBI debate, a lot of energy and attention—technological and political—goes into building these protections and addressing how they may be circumvented. It doesn’t make sense for consumers to ignore them.
There are many settings on your device that help protect data and privacy. The following tips can help you secure your mobile device:
Though some of these measures may seem like no-brainers, a surprising number of consumers don’t take advantage of them. Don’t make that mistake.
A growing number of organizations are using mobile device management (MDM) applications on their employees’ devices. These programs allow an administrator to control access to certain functions of an application on a smartphone, tablet, or computer. Additionally, MDM ensures that company protocol is followed and offers employees flexibility and security when bringing their own devices.
For example, Relativity Binders offers integration with MobileIron. MobileIron is an MDM application that allows the administrator to set certain permissions when using Binders and other applications on the device.
If your device is subject to MDM governance, here are some things to consider:
Ultimately, the decision to bring your own device to work is one that places a lot of responsibility in your hands. Ensure your work and personal data are protected not just by following your company’s minimum requirements, but also going the extra mile when it comes to device security.
Have an interesting BYOD story? Share it with us via @RelativityHQ on Twitter.
Rishi Khullar was a product manager at Relativity, focused on the development and evolution of mobile apps for Relativity.
Now in Relativity Analytics: 3 Customer-Driven Enhancements
4 Ways to Move e-Discovery Data That You May Not Know About