In recent years, bring-your-own-device policies have evolved from a tech buzzword to a must-have tool for IT organizations trying to protect data assets while also appeasing employees who want to use their personal devices for business purposes.
But business data protection should not be the only goal of a bring your own device (BYOD) program, said Johan Vandendriessche, a Belgium-based independent IT lawyer and author who specializes in data protection law. There are numerous potential BYOD legal issues to be concerned with, especially in regards to employee privacy.
"There is a whole range of regulations that deal with information security," Vandendriessche said during a 2012 SearchCompliance.com/SearchSecurity.com webcast on BYOD legal issues. "On top of these laws and regulations, there is a very large contractual scope among which of the [BYOD] policies are a very important instrument."
More on BYOD strategy
Consider employee privacy when developing BYOD policy
Data protection strategy evolves due to cloud, BYOD
BYOD policies will only become more important as IT consumerization spreads, Vandendriessche said, especially in the face of the evolving European Union data protection laws. Every corporation operating on a global scale will have to face these rules, made more complicated because different countries often have different interpretations of the regulations, he added.
To avoid legal issues, BYOD policies should clearly outline how companies will monitor corporate activity on employees and how they'll ensure that this monitoring is in accordance with applicable law. Data monitoring is particularly sensitive from a BYOD legal standpoint, and policies can help ensure organizations are on the right side of the law, Vandendriessche said.
"I think that policies are major instruments when allowing employees to use technology, be it for professional or for private purposes," Vandendriessche said. "They raise awareness, they instruct employees and consequently reduce the risk for infringement. They also serve to manage the privacy expectations of the employee."
In this video webcast, learn more about BYOD legal issues as Vandendriessche discusses how organizations can take advantage of consumerization, but also use BYOD policies to protect themselves against data privacy rules and other regulatory compliance concerns.