
This post is from the Apperian blog and has not been updated since the original publish date.

Last Updated Mar 09, 2015 — App Management expert

How Effective BYOD Policies Can Help Limit Legal Exposure


In and of themselves, BYOD programs don't pose legal issues to companies that use them. However, when employees circumvent organizational security protocols (such as policies against accessing insecure public WiFi networks) to access work-related systems, they expose the organization to uncontrolled levels of risk, as do other aspects of connectivity to systems that contain sensitive corporate and customer information. Employees aren’t necessarily familiar with the security risks associated with using personal devices that contain proprietary company and customer information. Potential liabilities associated with BYOD programs can include:

  • Lost or stolen devices that are unsecured or unencrypted, allowing sensitive organizational data to fall into the wrong hands.
  • An employee violating a breach notification law, such as the breach notification rule under the Health Insurance Portability and Accountability Act (HIPAA).
  • Data transfers across national borders that may violate international or country-specific laws.
  • If an employee is on a business call and is involved in an automobile accident while driving, the employer can be sued for damages along with the employee—even if the employee is using a hands-free device, according to case law.
  • Transfer of data deemed to represent trade secrets.

Although BYOD programs don’t necessarily introduce new liabilities facing mobile enterprises, initiatives should nevertheless be accompanied by the right BYOD policies, and companies should do their due diligence with regard to addressing privacy, surveillance, and data security concerns.

Given these and other liability concerns associated with the use of employee-owned devices containing corporate data, well-crafted and clearly communicated BYOD policies can enable companies to limit their legal exposure. For starters, BYOD policies should provide clarity on how the program is structured along with the responsibilities of the organization, its employees, and business partners. Meanwhile, policies should include the device types that are permitted for use under a BYOD program as well as access rights. It’s also helpful to have employees actively accept the terms of an organization’s BYOD policies before allowing them to access and download enterprise mobile apps.
