Legal concerns should be a top priority for any company considering launching a new BYOD program, says Ann Marie Cullen, MobileIron's customer advisory services manager. Cullen works directly with MobileIron customers while they plan and launch their mobile initiatives.
"One of the biggest mistakes that we see customers commonly make is not involving the right stakeholders up front when developing their programs," Cullen says. "So they have to go outside of IT and involve legal, HR, and finance and compliance in developing their programs."
In one case, Cullen saw an IT department put in the time and work developing a strategy just to have the legal department shut it down just before it was deployed.
"It puts too much liability on the company, and so they had to basically go back to the drawing board again and do it with legal involved," she says.
As frustrating as that may be, that IT department is lucky the legal team intervened. A 2012 USA Today report found that the number of lawsuits alleging wage-and-hour violations grew 32% from 2008 to 2012. Employees who had sudden access to work information and apps on their personal smartphones were pressured to work additional hours while at home, and filed suit because they were never compensated. One case, involving pharmaceutical sales representatives, reached the Supreme Court last year.
Privacy becomes an issue as well. Any GPS monitoring apps, particularly when used to track an employee, can be dangerous from a legal standpoint. And even businesses that respect their employees' privacy need to make that clear, Rege says.
"The users do get worried about 'well, is IT going to see my photos, is IT going to read my SMS messages,'" Rege says. "Some of these things aren't even technically possible. But it's not a technical question; it's a question of the relationship between the two."
Another, more technologically justified concern is the extent of the employer's remote data wipe capabilities. A common solution to the threat of lost devices is to employ a remote wipe tool that allows the organization to delete all data off a device an employee has misplaced. That worked fine in the days of the corporate-owned BlackBerry, but it has caused some real-world problems for those using their personal phones.
While on a family vacation last year, Mimecast CEO Peter Bauer's 5-year-old daughter got ahold of his iPhone, which he had been using to both check in at work and take photos on the trip. After his daughter accidentally entered the wrong PIN number five times consecutively, the MDM program Bauer himself had approved automatically wiped all data on the device, photos and all.
Sign up for CIO Asia eNewsletters.