SlideShare a Scribd company logo

Cosac 2013 Legal Aspects of Byod

Download as PPTX, PDF
TAL Global - International Security and Counter-Terrorism Consultancy
TAL Global - International Security and Counter-Terrorism Consultancy
News & PoliticsTechnologyBusiness
1 of 24
Legal Aspects of BYOD Lawrence D. Dietz, Esq.
www.TALGlobal.comWhen Experience Matters BYOD Adoption Source: Bring Your Own Device: The Facts and the Future; Gartner Group; April 2013 U.S. U.K. Canada Brazil Russia India China Desktop Computers 47% 38% 47% 56% 10% 55% 54% Laptop Computers 41% 32% 41% 57% 7% 68% 56% Standard Mobile Phones 33% 29% 27% 50% 36% 84% 78% Smartphones 55% 38% 47% 71% 5% 85% 76%
www.TALGlobal.comWhen Experience Matters  Lost, Damaged or Stolen Devices  Employees come with or leave with sensitive data  Inappropriate images or communication  Introduction of malicious code  Minimum level of security products & proper procedures, e.g. passcode  Guidance on public wifi  Encryption: at rest and in transit  App policy and security evaluation  Cost sharing and legal responsibilities  Combined (personal & professional) use  Security Issues  Data Ownership Common BYOD Problems
www.TALGlobal.comWhen Experience Matters  Working Definition of BYOD  The State of BYOD Law Today  The Future of BYOD Setting The Stage
www.TALGlobal.comWhen Experience Matters  Bring Your Own Device or BYOD simply means that the employee is using their own electronic device (smart phone, tablet, laptop, etc.) for company purposes.  The employer owns the device and pays the bill for its use whether or not the employer reimburses the employee for the cost.  The device contains personal data about the employee to include PII and PCI and possibly PHI.  The employee may not be the only person using the device. Working Definition of BYOD
www.TALGlobal.comWhen Experience Matters  No Specific BYOD Laws  Existing Areas of Law Apply Privacy Law Labor Law* Laws Relating To:  Stored Communications  Computer Fraud & Abuse  Information Security & Privacy  Electronic Discovery  Minors and the Internet  International Travel – Search & Seizure The State of BYOD Law Today
www.TALGlobal.comWhen Experience Matters  Breach of Contract  Breach of Fiduciary Duty  Intellectual Property Loss Unauthorized access, disclosure, modification Unauthorized destruction, deletion  PII Exposure & Breach Liability Unauthorized access, disclosure, modification, destruction, deletion Security breach disclosure obligations  E-Discovery Laws and Compliance The State of BYOD Law Today – Foundational Law
www.TALGlobal.comWhen Experience Matters  Industries where laws are likely to apply to BYOD even if not explicitly stated: Government Health Care Finance Electrical and Nuclear Power The State of BYOD Law Today – Industry Laws
www.TALGlobal.comWhen Experience Matters  Clean Hands  Privacy Waiver  Policy Acknowledgement  IP Creation Rules  Keeping Own Number & Making Personal Calls Likely Means Higher Level of Privacy Post Employment Pre-Employment Overview
www.TALGlobal.comWhen Experience Matters How will the employer know what content is on the device before it is given access to organizational resources?  Pornography  Nature of Personal Data & It’s Current Protection  Data from former employers  Employee owned Intellectual Property PHI and/or PII on others besides the device owner Pre-Employment Considerations
www.TALGlobal.comWhen Experience Matters  Create the policy BEFORE allowing the use of BYOD  Who is eligible for access (labor law concerns)  Who pays for what  What technical parameters for the device  Devices supported  Data plans  What security measures must be followed  What apps are permitted  What data are permitted / excluded  How and when a mobile device may be used to access the company network  Acceptable use policies  Limits on places and applications BYOD Policy Considerations
www.TALGlobal.comWhen Experience Matters  What data are collected from employee’s device What data may not be collected from employee’s device  What to do if the device is lost or stolen Geolocation of lost device Remote wipe data on lost device  Company’s ability to access device used for work, including employee’s activity on the device, employee’s access to social media, web-based personal email  Company’s access in connection w. litigation, e-discovery requests, internal or external investigation  What happens if employee leaves the company  Legal limits on GPS locators or other monitoring software BYOD Policy Considerations (Continued)
www.TALGlobal.comWhen Experience Matters Are there specific current company polices that were written specifically to address BYOD? Is the employee or contractor made aware of them prior to hiring or retaining? Does the employee or contractor acknowledge that they are aware of these regulations and will follow them. Company Side Considerations
www.TALGlobal.comWhen Experience Matters  Policy Familiarization & Acknowledgement  Consent to search device, consent for electronic discovery.  Employer responsibilities: secure device, replace/repair  Limits as to what can be stored or accessed on the employee’s device.  Employer’s security software: encryption, access control.  Hourly/work records  Mandatory Breach Notification Responsibilities Considerations During Employment
www.TALGlobal.comWhen Experience Matters  Audit of personal devices IP Theft Data of others: PII, PHI, etc.  Extended consents for a “reasonable” period of time  Responsibilities and compensation for participation in post-employment legal procedures. Post Employment Considerations
www.TALGlobal.comWhen Experience Matters  Establish standards for identifying the acceptable device Manufacturers, devices, models, operating platforms Mobile networks and service plans  Define the procedure for enrollment Configuration of the devices  Define the parameters of assistance to employees Initial activation assistance On-going support Identify relevant security patches, and mechanisms to download them End-of-support The Role of the IT Department
www.TALGlobal.comWhen Experience Matters  Define security standards Minimum security standards to be met before accessing network Authentication Lost password Lost device  Define privacy standards Segregation of company data v. personal data  Monitor Review server logs to determine what was downloaded The Role of the IT Department (Continued)
www.TALGlobal.comWhen Experience Matters Case Studies
www.TALGlobal.comWhen Experience Matters Eddie is a software engineer who recently joined the company. His former employer is one of your company’s major competitors. Your company has adopted Nokia Lumina Windows Smart phones because your purchasing department got a great deal. Eddie insists on using his personal iPhone for company business even though he doesn’t get reimbursed for his calls. You are Eddie’s supervisor. HR calls you and you find yourself in an office with the head of HR and your company’s General Counsel. Eddie’s employer is suing yours for theft of trade secrets and you have received a subpoena (or your country’s equivalent) to turn over Eddie’s phone. 1. Is the company responsible for turning over Eddie’s phone? 2. Do you think your company is liable for Eddie’s actions? Case Study #1
www.TALGlobal.comWhen Experience Matters You are sitting in the company cafeteria and you over hear a conversation about a Facebook posting. Seems that a picture of your new prototype appeared on one of your employee’s teenage children’s pages. The discussion was among your very junior staff, one of whom is friends with the poster. Upon investigating you find out that the employee-parent allowed his child to take his iPad to school and that the employee had been using the iPad as a convenient way to work at home on the new prototype’s design. You also learn that the employee’s supervisor was not aware of the iPad’s use. 1. What action do you take against the employee? 2. Suppose the company had supplied the iPad would your action be different? Case Study #2
www.TALGlobal.comWhen Experience Matters Your company has settled on Android phones. However, your top sales person, Samantha insists on using her iPhone. Samantha keeps her contact list, a very sought after property since it reflects her five years as top sales person, on her iPhone. She does not have the Passcode feature enabled. On one Monday morning a mournful Samantha comes into your office as CSO and tells you that her beloved iPhone was lost over the weekend. She wants to know what you intend to do about replacing it for her? 1. What do you feel you need to do? 2. Would your answer change if the contact list was maintained using an approved company app? Case Study #3
www.TALGlobal.comWhen Experience Matters  Thorough evaluation of the potential uses; and of the related risks  Limiting what data may be used from, or stored in a non-company owned device  Authentication  Easy to comply with security measures: policies, procedures, technology  Frequent audits and monitoring of compliance, and updating of the policies and procedures  Training and awareness  Enhanced termination procedures Top Ways to Minimize BYOD Liability
www.TALGlobal.comWhen Experience Matters  What if organizations require employees to use their own devices like carpenters use their own tools?  Younger work force will demand to use their own devices.  SAAS will migrate to “Aps” if they haven’ already. Platform agnostic aps will rule.  Growth of non-traditional employees will foster BYOD Future of BYOD
THANK YOU LDietz@TALGlobal.com When Experience Matters www.TALGlobal.com To learn more, please see this Video

Recommended

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Workplace Privacy and Employee Monitoring: Laws and Methods
Workplace Privacy and Employee Monitoring: Laws and MethodsWorkplace Privacy and Employee Monitoring: Laws and Methods
Workplace Privacy and Employee Monitoring: Laws and Methodscmilliken09
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
2010 10 27 Isc2 Protecting Consumer Privacy
2010 10 27 Isc2 Protecting Consumer Privacy2010 10 27 Isc2 Protecting Consumer Privacy
2010 10 27 Isc2 Protecting Consumer PrivacyRaj Goel
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowTechSoup
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 

Recommended

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Workplace Privacy and Employee Monitoring: Laws and Methods
Workplace Privacy and Employee Monitoring: Laws and MethodsWorkplace Privacy and Employee Monitoring: Laws and Methods
Workplace Privacy and Employee Monitoring: Laws and Methodscmilliken09
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
2010 10 27 Isc2 Protecting Consumer Privacy
2010 10 27 Isc2 Protecting Consumer Privacy2010 10 27 Isc2 Protecting Consumer Privacy
2010 10 27 Isc2 Protecting Consumer PrivacyRaj Goel
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowTechSoup
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper4imprint
 
A6704d01
A6704d01A6704d01
A6704d01mudigonda
 
Hiring and firing in the digital age
Hiring and firing in the digital ageHiring and firing in the digital age
Hiring and firing in the digital ageRobert B. Fitzpatrick, PLLC
 
Newethics
NewethicsNewethics
NewethicsDr. Vardhan choubey
 
Digital Forensics Company
Digital Forensics CompanyDigital Forensics Company
Digital Forensics Companycyberrecovery
 
Tech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital WorkplaceTech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital WorkplaceElijah Yip
 
Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses Maran Corporate Risk Associates, Inc.
 
Cyber liabilty
Cyber liabiltyCyber liabilty
Cyber liabiltyMaran Corporate Risk Associates, Inc.
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...Authentic8
 
Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
The CISO’s Guide to Being Human
The CISO’s Guide to Being HumanThe CISO’s Guide to Being Human
The CISO’s Guide to Being HumanClearswift
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To IgnoreGross, Mendelsohn & Associates
 
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...Business Development Institute
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure BrochureDave Lloyd
 
It policy (ver 1.0)
It policy (ver 1.0)It policy (ver 1.0)
It policy (ver 1.0)sentmery5
 
Menulis buku? Gampang!
Menulis buku? Gampang!Menulis buku? Gampang!
Menulis buku? Gampang!Tony Hendroyono
 
AWSCLI AutoScaling
AWSCLI AutoScalingAWSCLI AutoScaling
AWSCLI AutoScalingOperation Lab, LLC.
 

More Related Content

What's hot

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper4imprint
 
Digital Forensics Company
Digital Forensics CompanyDigital Forensics Company
Digital Forensics Companycyberrecovery
 
Tech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital WorkplaceTech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital WorkplaceElijah Yip
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...Authentic8
 
Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
The CISO’s Guide to Being Human
The CISO’s Guide to Being HumanThe CISO’s Guide to Being Human
The CISO’s Guide to Being HumanClearswift
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To IgnoreGross, Mendelsohn & Associates
 
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...Business Development Institute
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure BrochureDave Lloyd
 
It policy (ver 1.0)
It policy (ver 1.0)It policy (ver 1.0)
It policy (ver 1.0)sentmery5
 

What's hot (20)

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper
 
A6704d01
A6704d01A6704d01
A6704d01
 
Hiring and firing in the digital age
Hiring and firing in the digital ageHiring and firing in the digital age
Hiring and firing in the digital age
 
Newethics
NewethicsNewethics
Newethics
 
Digital Forensics Company
Digital Forensics CompanyDigital Forensics Company
Digital Forensics Company
 
Tech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital WorkplaceTech@Work: How Employers Can Thrive in the Digital Workplace
Tech@Work: How Employers Can Thrive in the Digital Workplace
 
Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses
 
Cyber liabilty
Cyber liabiltyCyber liabilty
Cyber liabilty
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
 
Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In Technology
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
 
The CISO’s Guide to Being Human
The CISO’s Guide to Being HumanThe CISO’s Guide to Being Human
The CISO’s Guide to Being Human
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT Policy
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin Nevias
 
5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore5 Technology Trends Construction Contractors Can't Afford To Ignore
5 Technology Trends Construction Contractors Can't Afford To Ignore
 
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
Joanna Belbey Presentation - BDI 10/20/11 Insurance Social Communications Lea...
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure Brochure
 
It policy (ver 1.0)
It policy (ver 1.0)It policy (ver 1.0)
It policy (ver 1.0)
 

Viewers also liked

Employer Engagement
Employer EngagementEmployer Engagement
Employer EngagementJames Philip
 
UG Prospectus_2017_Web
UG Prospectus_2017_WebUG Prospectus_2017_Web
UG Prospectus_2017_WebJames Philip
 
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...Microsoft
 
Foreign Banks in India
Foreign Banks in IndiaForeign Banks in India
Foreign Banks in IndiaMatewos4
 
Case study (Pepsi syringe crisis of 1991)
Case study (Pepsi syringe crisis of 1991)Case study (Pepsi syringe crisis of 1991)
Case study (Pepsi syringe crisis of 1991)Bushra Sehar
 
2015-09-01 クラウド時代の運用エンジニアは何が変わるのか
2015-09-01 クラウド時代の運用エンジニアは何が変わるのか2015-09-01 クラウド時代の運用エンジニアは何が変わるのか
2015-09-01 クラウド時代の運用エンジニアは何が変わるのかOperation Lab, LLC.
 
Analytics 3.0 Measurable business impact from analytics & big data
Analytics 3.0 Measurable business impact from analytics & big dataAnalytics 3.0 Measurable business impact from analytics & big data
Analytics 3.0 Measurable business impact from analytics & big dataMicrosoft
 
Aplikasi e commerce 2 - e-business model
Aplikasi e commerce 2 - e-business modelAplikasi e commerce 2 - e-business model
Aplikasi e commerce 2 - e-business modelThe Bali Computer
 
Doliny , hrady a národné
Doliny , hrady a národnéDoliny , hrady a národné
Doliny , hrady a národnéSona Kotucova
 

Viewers also liked (16)

Menulis buku? Gampang!
Menulis buku? Gampang!Menulis buku? Gampang!
Menulis buku? Gampang!
 
AWSCLI AutoScaling
AWSCLI AutoScalingAWSCLI AutoScaling
AWSCLI AutoScaling
 
Employer Engagement
Employer EngagementEmployer Engagement
Employer Engagement
 
UG Prospectus_2017_Web
UG Prospectus_2017_WebUG Prospectus_2017_Web
UG Prospectus_2017_Web
 
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...
Neuromarketing aplicado al diseño web. análisis comparativo de webshop de a...
 
Rooh afza
Rooh afzaRooh afza
Rooh afza
 
Foreign Banks in India
Foreign Banks in IndiaForeign Banks in India
Foreign Banks in India
 
Case study (Pepsi syringe crisis of 1991)
Case study (Pepsi syringe crisis of 1991)Case study (Pepsi syringe crisis of 1991)
Case study (Pepsi syringe crisis of 1991)
 
API Gateway / AWS CLI
API Gateway / AWS CLIAPI Gateway / AWS CLI
API Gateway / AWS CLI
 
2015-09-01 クラウド時代の運用エンジニアは何が変わるのか
2015-09-01 クラウド時代の運用エンジニアは何が変わるのか2015-09-01 クラウド時代の運用エンジニアは何が変わるのか
2015-09-01 クラウド時代の運用エンジニアは何が変わるのか
 
Analytics 3.0 Measurable business impact from analytics & big data
Analytics 3.0 Measurable business impact from analytics & big dataAnalytics 3.0 Measurable business impact from analytics & big data
Analytics 3.0 Measurable business impact from analytics & big data
 
Aplikasi e commerce 2 - e-business model
Aplikasi e commerce 2 - e-business modelAplikasi e commerce 2 - e-business model
Aplikasi e commerce 2 - e-business model
 
cyber crime
cyber crime cyber crime
cyber crime
 
Company Profile Presentation 2014
Company Profile Presentation 2014Company Profile Presentation 2014
Company Profile Presentation 2014
 
Base Resume
Base ResumeBase Resume
Base Resume
 
Doliny , hrady a národné
Doliny , hrady a národnéDoliny , hrady a národné
Doliny , hrady a národné
 

Similar to Cosac 2013 Legal Aspects of Byod

Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...
Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...
Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...Kyron Baxter
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYODJim Sutter
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYODK Singh
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreIBM Software India
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]IBM Software India
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end usersNetWatcher
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPRMissMarvel70
 
BYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItBYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItArlette Measures
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)Pace IT at Edmonds Community College
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
Private Data and Prying Eyes
Private Data and Prying EyesPrivate Data and Prying Eyes
Private Data and Prying EyesEllie Sherven
 
Manjula security for startups
Manjula security for startupsManjula security for startups
Manjula security for startupsKesava Reddy
 
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docxambersalomon88660
 

Similar to Cosac 2013 Legal Aspects of Byod (20)

Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...
Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...
Did you Issue Smartphones to all of your Employees? Here are Two Reasons you ...
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYOD
 
OC CIO BYOD
OC CIO BYODOC CIO BYOD
OC CIO BYOD
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYOD
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
Byod
ByodByod
Byod
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
BYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of ItBYOD is Happening. Here's How to Make the Most of It
BYOD is Happening. Here's How to Make the Most of It
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Private Data and Prying Eyes
Private Data and Prying EyesPrivate Data and Prying Eyes
Private Data and Prying Eyes
 
Manjula security for startups
Manjula security for startupsManjula security for startups
Manjula security for startups
 
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
 

Recently uploaded

IndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest2
 
Political-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxPolitical-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxSasikiranMarri
 
Geostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptGeostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptUsmanKaran
 
16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdfGerald Furnkranz
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.NaveedKhaskheli1
 
15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
Rohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeRohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeAbdulGhani778830
 
Foreign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxForeign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxunark75
 

Recently uploaded (9)

IndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global News
 
Political-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxPolitical-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptx
 
Geostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptGeostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.ppt
 
16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf
 
57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.
 
15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf
 
Rohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeRohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for Justice
 
Foreign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxForeign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptx
 

Cosac 2013 Legal Aspects of Byod

  • 1. Legal Aspects of BYOD Lawrence D. Dietz, Esq.
  • 2. www.TALGlobal.comWhen Experience Matters BYOD Adoption Source: Bring Your Own Device: The Facts and the Future; Gartner Group; April 2013 U.S. U.K. Canada Brazil Russia India China Desktop Computers 47% 38% 47% 56% 10% 55% 54% Laptop Computers 41% 32% 41% 57% 7% 68% 56% Standard Mobile Phones 33% 29% 27% 50% 36% 84% 78% Smartphones 55% 38% 47% 71% 5% 85% 76%
  • 3. www.TALGlobal.comWhen Experience Matters  Lost, Damaged or Stolen Devices  Employees come with or leave with sensitive data  Inappropriate images or communication  Introduction of malicious code  Minimum level of security products & proper procedures, e.g. passcode  Guidance on public wifi  Encryption: at rest and in transit  App policy and security evaluation  Cost sharing and legal responsibilities  Combined (personal & professional) use  Security Issues  Data Ownership Common BYOD Problems
  • 4. www.TALGlobal.comWhen Experience Matters  Working Definition of BYOD  The State of BYOD Law Today  The Future of BYOD Setting The Stage
  • 5. www.TALGlobal.comWhen Experience Matters  Bring Your Own Device or BYOD simply means that the employee is using their own electronic device (smart phone, tablet, laptop, etc.) for company purposes.  The employer owns the device and pays the bill for its use whether or not the employer reimburses the employee for the cost.  The device contains personal data about the employee to include PII and PCI and possibly PHI.  The employee may not be the only person using the device. Working Definition of BYOD
  • 6. www.TALGlobal.comWhen Experience Matters  No Specific BYOD Laws  Existing Areas of Law Apply Privacy Law Labor Law* Laws Relating To:  Stored Communications  Computer Fraud & Abuse  Information Security & Privacy  Electronic Discovery  Minors and the Internet  International Travel – Search & Seizure The State of BYOD Law Today
  • 7. www.TALGlobal.comWhen Experience Matters  Breach of Contract  Breach of Fiduciary Duty  Intellectual Property Loss Unauthorized access, disclosure, modification Unauthorized destruction, deletion  PII Exposure & Breach Liability Unauthorized access, disclosure, modification, destruction, deletion Security breach disclosure obligations  E-Discovery Laws and Compliance The State of BYOD Law Today – Foundational Law
  • 8. www.TALGlobal.comWhen Experience Matters  Industries where laws are likely to apply to BYOD even if not explicitly stated: Government Health Care Finance Electrical and Nuclear Power The State of BYOD Law Today – Industry Laws
  • 9. www.TALGlobal.comWhen Experience Matters  Clean Hands  Privacy Waiver  Policy Acknowledgement  IP Creation Rules  Keeping Own Number & Making Personal Calls Likely Means Higher Level of Privacy Post Employment Pre-Employment Overview
  • 10. www.TALGlobal.comWhen Experience Matters How will the employer know what content is on the device before it is given access to organizational resources?  Pornography  Nature of Personal Data & It’s Current Protection  Data from former employers  Employee owned Intellectual Property PHI and/or PII on others besides the device owner Pre-Employment Considerations
  • 11. www.TALGlobal.comWhen Experience Matters  Create the policy BEFORE allowing the use of BYOD  Who is eligible for access (labor law concerns)  Who pays for what  What technical parameters for the device  Devices supported  Data plans  What security measures must be followed  What apps are permitted  What data are permitted / excluded  How and when a mobile device may be used to access the company network  Acceptable use policies  Limits on places and applications BYOD Policy Considerations
  • 12. www.TALGlobal.comWhen Experience Matters  What data are collected from employee’s device What data may not be collected from employee’s device  What to do if the device is lost or stolen Geolocation of lost device Remote wipe data on lost device  Company’s ability to access device used for work, including employee’s activity on the device, employee’s access to social media, web-based personal email  Company’s access in connection w. litigation, e-discovery requests, internal or external investigation  What happens if employee leaves the company  Legal limits on GPS locators or other monitoring software BYOD Policy Considerations (Continued)
  • 13. www.TALGlobal.comWhen Experience Matters Are there specific current company polices that were written specifically to address BYOD? Is the employee or contractor made aware of them prior to hiring or retaining? Does the employee or contractor acknowledge that they are aware of these regulations and will follow them. Company Side Considerations
  • 14. www.TALGlobal.comWhen Experience Matters  Policy Familiarization & Acknowledgement  Consent to search device, consent for electronic discovery.  Employer responsibilities: secure device, replace/repair  Limits as to what can be stored or accessed on the employee’s device.  Employer’s security software: encryption, access control.  Hourly/work records  Mandatory Breach Notification Responsibilities Considerations During Employment
  • 15. www.TALGlobal.comWhen Experience Matters  Audit of personal devices IP Theft Data of others: PII, PHI, etc.  Extended consents for a “reasonable” period of time  Responsibilities and compensation for participation in post-employment legal procedures. Post Employment Considerations
  • 16. www.TALGlobal.comWhen Experience Matters  Establish standards for identifying the acceptable device Manufacturers, devices, models, operating platforms Mobile networks and service plans  Define the procedure for enrollment Configuration of the devices  Define the parameters of assistance to employees Initial activation assistance On-going support Identify relevant security patches, and mechanisms to download them End-of-support The Role of the IT Department
  • 17. www.TALGlobal.comWhen Experience Matters  Define security standards Minimum security standards to be met before accessing network Authentication Lost password Lost device  Define privacy standards Segregation of company data v. personal data  Monitor Review server logs to determine what was downloaded The Role of the IT Department (Continued)
  • 19. www.TALGlobal.comWhen Experience Matters Eddie is a software engineer who recently joined the company. His former employer is one of your company’s major competitors. Your company has adopted Nokia Lumina Windows Smart phones because your purchasing department got a great deal. Eddie insists on using his personal iPhone for company business even though he doesn’t get reimbursed for his calls. You are Eddie’s supervisor. HR calls you and you find yourself in an office with the head of HR and your company’s General Counsel. Eddie’s employer is suing yours for theft of trade secrets and you have received a subpoena (or your country’s equivalent) to turn over Eddie’s phone. 1. Is the company responsible for turning over Eddie’s phone? 2. Do you think your company is liable for Eddie’s actions? Case Study #1
  • 20. www.TALGlobal.comWhen Experience Matters You are sitting in the company cafeteria and you over hear a conversation about a Facebook posting. Seems that a picture of your new prototype appeared on one of your employee’s teenage children’s pages. The discussion was among your very junior staff, one of whom is friends with the poster. Upon investigating you find out that the employee-parent allowed his child to take his iPad to school and that the employee had been using the iPad as a convenient way to work at home on the new prototype’s design. You also learn that the employee’s supervisor was not aware of the iPad’s use. 1. What action do you take against the employee? 2. Suppose the company had supplied the iPad would your action be different? Case Study #2
  • 21. www.TALGlobal.comWhen Experience Matters Your company has settled on Android phones. However, your top sales person, Samantha insists on using her iPhone. Samantha keeps her contact list, a very sought after property since it reflects her five years as top sales person, on her iPhone. She does not have the Passcode feature enabled. On one Monday morning a mournful Samantha comes into your office as CSO and tells you that her beloved iPhone was lost over the weekend. She wants to know what you intend to do about replacing it for her? 1. What do you feel you need to do? 2. Would your answer change if the contact list was maintained using an approved company app? Case Study #3
  • 22. www.TALGlobal.comWhen Experience Matters  Thorough evaluation of the potential uses; and of the related risks  Limiting what data may be used from, or stored in a non-company owned device  Authentication  Easy to comply with security measures: policies, procedures, technology  Frequent audits and monitoring of compliance, and updating of the policies and procedures  Training and awareness  Enhanced termination procedures Top Ways to Minimize BYOD Liability
  • 23. www.TALGlobal.comWhen Experience Matters  What if organizations require employees to use their own devices like carpenters use their own tools?  Younger work force will demand to use their own devices.  SAAS will migrate to “Aps” if they haven’ already. Platform agnostic aps will rule.  Growth of non-traditional employees will foster BYOD Future of BYOD
  • 24. THANK YOU LDietz@TALGlobal.com When Experience Matters www.TALGlobal.com To learn more, please see this Video

Editor's Notes

  1. Innovative Turnkey Integrated Solutions