A breakdown of the old paradigm that your company controls work devices and you control yours and "never the twain shall meet."
A personal iPhone can be set up to receive company email via a
Microsoft Exchange Server. But once it is set up, the phone can receive a
variety of commands from the server including a remote wipe, which can destroy
all the data and disable the phone.
As more companies allow and even encourage employees to use their own
phone and tablets for work activities, often referred to as Bring Your Own
Device,” or BYOD, an unexpected consequence has arisen for workers who have
seen their devices wiped clean – remotely and with little or no advance warring
– during or after employment by firms looking to secure their data.
Destruction via email
Since 2003, a growing list of smart phones have come loaded with
software from Microsoft that makes remote wipes – and many other remote-control
commands – possible.The phone doesn’t need to download any new software. All that’s necessary is for the phone’s user to configure it to receive email from a Microsoft Exchange Server – the kind most big companies use.
A Remote On/Off Switch
Once that’s been set up, an IT department has the capability to wipe the phone and turn off functions like Bluetooth, the Web browser and even the phone’s camera.
Privacy v. Data Protection
Although it is not uncommon for employers to monitor employees' online activity, many employers are moving toward blocking, firewalling, or restricting Web access based on authentication and encryptions. Similarly, employers have begun to prohibit the storage of company information on any cloud-based sites such as Dropbox or iCloud.
But the question remains: Where should employers draw the line between their right to protect sensitive data and the employee's right to privacy? In the government sector, the U.S. Supreme Court held that even where a public employee has a reasonable expectation of privacy, it can be outweighed for a search with a legitimate work-related purpose (Ontario v. Quon, 130 S. Ct. 2619 (2010)). The facts of the case could influence similar claims against private employers.
Blurred work/personal life
Phone wiping is just another example of the complications that emerge when the distinctions between our work and personal lives collapse. Employers increasing expect worker to be available 24/7 but don’t always provide company equipment to make that possible, leaving working in a bind: Expose themselves to losing personal information when a phone is erased, or refuse to use a personal devise and risk looking disengaged.
Sources:
1. California Lawyer, "Personal Tech Pitfalls at Work," Paul S. Cowie and Dorna Moini, June 2013
2. The Wall Street Journal, "Leaving a Job? Better Watch Your Cellphone," Laruen Weber
3. Forbes, "Mobile Security: The Fallacy Of Remote Wiping Your Phone," Eric Savitz, July 10, 2012
No comments:
Post a Comment