Why a Mobile Device Policy is Critical

Published December 20, 2012

The use of mobile devices such as tablets and SmartPhones in the workplace has exploded; and these devices are just as likely to be personally owned as company owned. You may have corporate policies in place for company owned computer use, but most have not considered the complex issues that arise when personal devices are allowed onto the corporate network. Here are some key areas to address:

1. Consider whether you wish to standardize on ownership of mobile devices used in the workplace. Are they all to be company issued, are employees to supply their own, or will you allow a mixture of both?

2. If plan to allow personal devices to be used for business purposes, does this rule apply to everyone or just certain employees?

3. What applications or apps will be approved for installation on workplace mobile devices?

4. What corporate data will you allow access to, particularly on employee owned devices?

5. What is your password policy for these devices?

6. Ensure you have permission (and the ability) to “wipe” the mobile device if it is lost, stolen or the employee leaves.

7. Will you allow business documents to be created and/or edited on mobile devices?

8. How will you reimburse an employee who is using a personally acquired device for both personal and business use?

9. What other existing workplace policies need to be extended to personal devices used for business?

10. Have you addressed reduced privacy expectations for personal devices used in the workplace?

11. Be sure to get written consent from employees to monitor, manage, wipe and copy data from their devices. They must also agree to produce these devices upon request and to preserve all corporate data on them. They must immediately report a lost or stolen device so that action can be taken to protect corporate data on them. You will also want to limit access to the device by friends or family.

Your corporate data is your most critical asset. Controlling mobile device use is essential to ensuring your data is protected and you are not left open to legal liability where personal property and privacy is concerned.