
What mobile data rules best protect business and personal information?

Attorney Jeffrey Ritter discusses mobile management processes to help companies protect both their data assets and employees' personal information.

Personal devices are an increasingly essential work-related tool, and they have made mobile information management a major data governance concern. Chief among the governance obstacles is protecting corporate data assets while simultaneously avoiding personal information privacy violations.


In this Ask the Expert, Jeffrey Ritter, Esq., founder of the Ritter Academy, explains how mobile device use forces changes in companies' data management processes, and how companies can protect both their own information assets and employees' personal information.

You have talked a lot about how mobile device use is having a major influence on modern information management. Where does privacy fit into the equation?

Jeffrey Ritter: It's important to understand that personal information is emerging as a new kind of property. That's true for all digital information, but particularly because of the regulatory and the commercial interest in personal information. When we look at personal information being created, accessed, used or stored in mobile devices, privacy fits into the equation as almost two sides of the same coin. On the first side, a company has an interest in protecting the information assets of the organization. But does it extend to an employee that may be using a mobile device that includes personal information to access corporate records?

Companies need to build their controls and their rules to protect information out onto the mobile devices. At the same time, the company has some problems on the other side of the coin. If the mobile device is used by the employee for other personal affairs, or if it is a personal device, there has to be a way of putting in place rules that respect the privacy of the user of these devices with regard to their personal information that's not directly connected to the company's business. Those are really two sides of the same coin, but it requires different rule inventories to be developed by the company and put in place with the knowledge and consent of the users.

What information management processes are needed to separate corporate and personal data to avoid potential privacy ramifications?

Ritter: That task is actually one that is very difficult to do. Think about how all of us use electronic mail in our business. It's the rare organization today that was successful 10-15 years ago in saying 'you can only use the electronic mail platform we provide for corporate purposes, and you can never email your wife to talk about the grocery list.' It just doesn't happen anymore. When we are looking at corporate implementations of bring your own device, then it's not going to be rationally possible, in most instances, to say there is 'no personal aspect in those devices.'

Instead, you have to think about how to structure the information asset governance, the applications and the systems so that one is separated from the other. The management processes that are going to be important are firewalls, defined access privileges and access limitations for anyone using a corporate-owned device from a public Internet resource that is not directly related to their business. Those three things are where the friction occurs, and the best thing to do to protect the corporate information assets is to build in the right kind of access controls that keep the information within the firewall even if it's being accessed from a mobile device.

As told to Ben Cole, site editor.


Join the conversation



What steps does your organization take to protect both company and personal information privacy when employees use mobile devices for work purposes?
Decision-making powers over mobile security are a tug of war. Privacy and company security are closely related these days. A basic remedy: install pass codes, stay away from unverified links, avoid downloads possibly filled with hacking viruses, and maintain updates. Devices continually update, protecting against malware and DDoS. Note the IMEI on the phone, stay away from open Wi-Fi. Allow the cloud service for the company to find the employee's phone and initiate a wiping command. This destroys information, virtually making the phone useless. This tracking practice is a slippery slope, but companies are using this method.