It works in reverse, too. Personal information can find its way into a business productivity app. For instance, another company bought popular mobile note-taking app for its BYOD community. When the phone is compromised, the company reserves the right to remotely wipe it.
But employees had become so comfortable with the app that they began using it for personal stuff, too. They stored pictures, voice notes, recipes in the same app, because you can't have two versions of the app on the iPhone. When an employee leaves the company, they lose the app.
Bye-bye, personal data.
Beyond Splitting the Phone: Dual Persona Workarounds
It's this loss of personal data that has Mobi recommending customers perform select wipes over full wipes, even though select wipes may not include all corporate data. BYOD employees tend to get a bit sue-happy when their personal data is wiped, their privacy is violated or their location is being tracked via the mobile device
"We are continuing to advise companies to go select wipe just because there's less risk in terms of personal information," Mobi's Churchill says.
There are some workarounds to the dual-persona problem. Companies can selectively wipe BYOD smartphones for some types of employees and fully wipe smartphones for others, such as a regional vice president who has access to all sorts of business data and might take pictures of whiteboards.
There are also ways to stop a BYOD smartphone camera from taking pictures of a company's intellectual property. The BYOD user policy can require employees to enable location-based services, which, in turn, can integrate into geo-fencing. If an employee is in a certain area of, say, the manufacturing plant or company campus, then the camera can be turned off.
Also, a camera can be disabled if the phone tries to get on the WiFi corporate network.
There are an equal number of ways employees can capture business data on the personal side of their BYOD smartphone. In the above scenario, an employee can put his phone in Airplane mode and be free to take pictures. From copy and paste to screen shots to emailing documents to personal accounts to tagging business contacts as personal ones, employees can and will violate BYOD user policies.
"But that's now an HR issue," says CEO John Marshall at AirWatch. "IT is only responsible for so much. If somebody is trying to do something malicious, you can't stop that."
Sign up for CIO Asia eNewsletters.