A recent court ruling in Texas has raised some very interesting issues around enterprise mobility management (EMM) and BYOD. Saman Rajaee, who was working as a salesman for homebuilder Design Tech Homes, sued the company after they remotely wiped personal data from his iPhone shortly after he had handed in his notice. It is clear that no documented mobile IT policy was in place. The case was dismissed in federal court but is still pending at state court level.
So what can we learn from this case, for both employers and employees?
First and foremost, it highlights the need for education and clarity around BYOD policies. Employers need to make their staff aware of what they can and cannot do when connecting personal devices to a corporate network, and whether their device might be wiped if the employee leaves the company.
Likewise, employees should ensure that they understand their company’s BYOD policy and the implications for their personal data. In this case, Rajaee would have known that his employer was going to remotely wipe his device on leaving the firm.
It also highlights the importance of having an enterprise mobility management solution in place that separates personal from corporate data. In this case, Design Tech Homes could not do that, resulting in the company completely wiping his device, which included hundreds of business and personal contacts as well as photos and passwords. Solutions such as MobileIron enable IT administrators to selectively wipe corporate data from a personal device while leaving personal data untouched.
Another interesting aspect of this story is that neither Rajaee nor Design Tech Homes could say exactly when or how Rajaee’s device connected to the company server in the first place, suggesting that the company did not have clear guidelines in place regarding who could access the network and how it is accessed. This creates confusion among both employees and employers.
There are three key lessons to take away from this case.
1. Both employers and employees need to agree to a shared mobility policy. Employees need to know about their employer’s policy, what happens to their device when it connects to the company network and whether there are circumstances in which it could be remotely wiped.
2. If employers are going to allow BYOD, then they need to have effective policies and EMM solutions in place that protect business and personal data.
3. Organisations should agree on a mobility strategy at a corporate level to help address the predicted market growth in BYOD and the associated challenges that adoption will bring.
Trust and cooperation are crucial to the success of BYOD, and without a proper mobility strategy in place, we could see further legal cases between employers and employees.