A Legal Guide to PRIVACY AND DATA SECURITY 2024

BYOD refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smartphones) to their workplace and to use those devices to access privileged company information and applications. [See the Legal Guide to Use of Social Media in the Workplace, July 2013, for more discussion of BYOD and employment-related issues.] A challenging but important task for any business that utilizes BYOD is to develop a policy that defines exactly what sensitive business information needs to be protected and which employees should have access to that information, and then to educate all employees on the policy. What if an employee uses a smartphone to access the company network and then loses that phone? Someone outside the business could retrieve any unsecured data on that phone. Another potential issue arises when an employee leaves and takes the device with them, along with proprietary business information and personal and sensitive data.

Administrative Safeguards

Training is an integral part of any privacy program. Even the most secure systems can still be penetrated or hacked, so the focus should not be limited to technical solutions. The failure of an employee to follow appropriate practices when working within a secure system or network can place personal data, along with proprietary information, at risk. As noted above, in the case of Target, an HVAC vendor somehow disclosed a secure password to the person responsible for the extensive malware attack and data breach affecting millions of customers. While administrative safeguards are sometimes an afterthought in privacy compliance, these audits, policies, procedures, and training are the backbone of any successful and sustainable data security program and should be given early and proper attention.
