Who owns the business Smartphone? Mobile Device Liability
Today’s enterprises have already learned how to deal with the complexities of their mobile employees and the information carried in their laptop computers. After all, the information in those laptops is confidential and owned by the corporation. Those same complexities-and many more-now arise from the employees’ use of smartphones. Often, the data in a smartphone is just as sensitive and critical to the company as data in computers. Issues of security, compliance, legality, trust, and of course cost all need to be addressed. All of these issues give rise to the biggest question of all-who should own the enterprise smartphone-the employee or the corporation? Smartphone use among U. S. -based information workers is expected to triple by 2013, according to Forrester Research Motorola Edge 30 Ultra-Full Specifications. It seems that the decisions and strategies surrounding the control and ownership of these devices should be made sooner than later. The cost of ownership is perhaps the easiest aspect to calculate. It might seem like just reimbursing an employee for a flat percentage of the bill from their own phone would be a quick and easy way to go. But there are hidden costs to consider, including the support costs of accounting, billing, and asset management, and for controlling things like overseas roaming charges. Not to mention keeping track of how and where the connection charges are occurring in the company, this can yield valuable information on the true costs of enterprise mobility. Corporate-owned phones come with their own set of problems, like supporting the plethora of different phones and carrier types. Think again if you believe that you can just issue the same phone to everyone to control that complexity. It’s usually the best performers, the hardest employee-type to recruit, who insists on having his or her own type of phone, “because it’s worked for me in the past. ” Even though it seems obvious that there is need to control employees’ equipment and use-after all, there are hundreds of emails, calendars, documents, and confidential customer information stored on these smartphones-an increasing number of companies are loosening their hold on employee-owned handheld devices that are used for business purposes. Today, half of the smartphones in use among U. S. and Canadian businesses are not company-issued equipment, according to a recent report from Forrester Research. Most companies are still grappling with the question of who should be liable for these devices. In this debate, there are still many unanswered questions and hidden trapdoors, including: What is meant by “liability”? What are the legal aspects that must be considered? How can i start to build a strategy that is meaningful and balances the needs of both the company and the employee? There are many types of liability associated with owning and using a smartphone, including financial, regulatory, compliance, privacy, and legal liability, to name just a few. Financial liability is perhaps the easiest to understand. It would seem obvious that paying for individual liable (IL) carrier plans would be the responsibility of the employee. But what if the employee racks up a $5000 bill on a three-week business trip to Europe? And what if that employee uses a corporate liable (CL) phone to conduct an illegal activity with large financial consequences, like using the camera feature to take a picture of a competitor’s confidential documents? If you are in an industry with stiff regulatory and compliance considerations, it would be more likely that stronger controls and CL smartphones would be the norm. Of course, it is the data on that phone, and not the phone itself, that needs to be managed. In a larger company with adequate IT staffing, keeping sensitive data away from the phone with specialized software and firewalls is relatively easy. But what about smaller companies that allow phone access to company records on the company’s private intranet? Financial services and medical companies can have very high financial and legal ramifications for misuse of private data that might end up on a smartphone. Many of these companies require all corporate data to go through company-issued computers (and not phones) that have elaborate encryption and other data protection mechanisms. But “privacy” can have another definition. How about protection of employee-owned information that resides on a CL smartphone? Does the employer have the right to look at All of the data on the phone they own, even if they might happen upon some embarrassing photos?