The moral of that story: If mobile data is collected, you will get blamed, no matter whether you see the data or not.
Your mobile policy has to address what you will allow vendors to collect about your customers, your employees and your partners. It should spell out how much of that your company should see. It should lay to rest the question of whether third parties will be allowed to collect data that you won't see. It needs to establish how you will inform your customers, employees and partners about this data collection, if at all. (There are legitimate arguments on both sides.) And you need to make your policy precise enough to be useful while not being so detailed that it is incomprehensible to people who aren't that technical.
There are few areas that are more complex, more controversial and more politically dangerous than mobile data collection. You may find that simply having these conversations will change not merely your policies, but your strategy and how you approach it.
Sign up for CIO Asia eNewsletters.