The case of BYOD versus CIO

If you love court room dramas, the trend for bringing your own device through the company firewall offers rich potential, says Nick Booth.

Taking the stand at a hearing into a compliance violation is the most stressful thing you will ever do, or so I’m told by someone who has been through it.

The anticipation is bad enough but when the actual event gets going, it doesn’t get any easier. Being on the stand and suffering a daily grilling from one of the sharpest and most aggressive legal brains in the world is a terrifying ordeal – but great spectator sport for anyone not involved.

GavelWhich is why I’d love to see more compliance cases televised. Imagine the court room dramas that will unfold when various companies start to suffer the consequences of the Bring Your Own Device (BYOD) trend.

We could see some interesting cases. What if, for example, a board member thinks he’s lost his iPad and reports it missing, only to discover later that his daughter had borrowed it? To cover his assets, he changes his story and denies he ever lost the device. Instead he accuses the IT manager – who had the lost iPad remotely wiped – of maliciously destroying his family photos. It’s not inconceivable.

“Until the legalities of device wiping are tested in the courts, it will remain an uncertainty,” says Paul Vlisidis, technical director at the NCC Group.

Any access to an employee’s device ought to be subject to obtaining the prior informed consent of the employee, argues Mark Webber, partner and head of technology at law firm Osborne Clarke. There are many legal traps associated with BYOD. But they could be dealt with if there was good communication and consistent policy between IT departments and the users. Good communication from IT managers? At the suggestion of this, there’d be ripples of laughter across the courtroom, forcing the judge to bang their gavel and start throwing their voice around. Silence in court!

Continue, Mr Webber. “Any access to an employee’s device ought to be subject to obtaining the prior informed consent of the employee,” says Webber. So the IT manager who didn’t get, or can’t prove, that he had consent to remotely wipe any executive’s tablet is in trouble. It gets even more dangerous in pan European companies. “As you move beyond the UK and across Europe it becomes harder to obtain freely given consent from employees,” says Webber.

Vanessa Barnett, a partner at city law firm Charles Russell who specialises in technology and media law, sums up the problem: “Like The Eagles sing in the song Hotel California, it could be heaven or it could be hell. BYOD takes a hard cost out of the budget for sure, but if not thought through properly, it can be a challenge.”

So what the IT department saves on IT, they will end up spending on legal fees. It might be worth reminding them of this fact.  It would help you persuade them to spend more on IT to spend less on lawyers.

Read more on Business Tablets