The cross-use of mobile devices for personal and professional purposes, commonly referred to as “Bring Your Own Device” or “BYOD”, is a relatively recent phenomenon that has created a host of legal and practical challenges for organizations of all sizes. Implementing a BYOD program is especially complex for companies that have employees who regularly travel internationally, taking their devices (and corporate data) along with them when they cross borders.
In a recent article published by the Richmond Journal of Law & Technology, Wherever You Go, There You Are (With Your Mobile Device): Privacy Risks and Legal Complexities Associated with International “Bring Your Own Device” Programs, we provide in-depth analysis of a number of key BYOD considerations, including:
- Current BYOD adoption rates and trends around the world;
- The tension between organizational control of mobile devices and employee privacy;
- Existing laws, regulatory guidance, and jurisprudence applicable to BYOD programs;
- Concerns associated with BYOD in the eDiscovery context; and
- Approaches to BYOD in France, Germany, Spain, and the United Kingdom.
The article also provides a detailed list of questions and issues for organizations to consider when developing or improving a BYOD program. For example, would the organization be better served by a “corporate-owned, personally enabled (“COPE”)” or a “corporate-owned, business-only (“COBO”) strategy? How will the organization address employee separation and device disposal procedures? And if the organization has operations in the European Union, how may the forthcoming revisions to the EU Data Protection Regulation impact the company’s BYOD program? Thoughtful consideration of these and the many other issues discussed in the article should help organizations avoid implementation and compliance problems down the road.
Editor’s Note: This blog post is a joint submission with BakerHostetler’s Data Privacy Monitor blog.