Bring your own device (BYOD) was one of the many subjects covered at the Information Governance and eDiscovery Strategy Exchange in San Diego where we heard from two corporations who are developing policies aimed at reconciling the benefits of allowing employees to use their own devices with the security, eDiscovery and other risks which that brings.
One of the speakers referred to the data privacy implications which arise in the EU and other jurisdictions which are more concerned about the use and misuse of personal data than is the case in the US. There was not time to explore this but now Jim Shook of EMC has done just that with an article on EMC SourceOne insider headed Archiving to help solve BYOD.
Jim Shook refers to guidance published by the UK’s information Commissioner’s office which sets out the policies which ought to be in place within corporations, not merely to protect themselves but to minimise the possibility of breaches of the law relating to personal data. Jim draws attention to the archiving possibilities relating to such of the BYOD content as can be stored centrally.
Where it is possible to protect data and to stay within the rules by this or any other means then the potential consequences of failing to do so are proportionately increased – if keeping a single central repository of data could have been done then it should have been done, and courts and regulators are unlikely to be sympathetic to those who failed to make use of such facilities. As Jim Shook says, this is a “solid best practice” wherever you are located.
One of the points made at the San Diego panel was that much of the data on many devices may only be replicated to its owner’s other devices, both as a licensing matter and in practice. Companies need to be alert to the difference between data which is, and data which is not, capable of being archived centrally as well as to the distinction between company and private information.