BYOD? Leaving a Job Can Mean Losing Pictures of Grandma

In early October, Michael Irvin stood up to leave a New York City restaurant when he glanced at his iPhone and noticed it was powering off. When he turned it back on again, all of his information—email programs, contacts, family photos, apps and music he had downloaded—had vanished. The phone looked "like it came straight from the factory," said Mr. Irvin, an independent health-care consultant. It wasn't a malfunction. The device had been wiped clean by AlphaCare of New York, the client he had been working for full-time since April. Mr. Irvin received an email from his AlphaCare address that day confirming the phone had been remotely erased.

As more companies allow and even encourage employees to use their own phones and tablets for work activities, often referred to as "bring your own device," or BYOD, an unexpected consequence has arisen for workers who have seen their devices wiped clean—remotely and with little or no advance warning—during or after employment by firms looking to secure their data. Twenty-one percent of companies perform remote wipes when an employee quits or is terminated, according to a July 2013 survey by data protection firm Acronis Inc.

(snip)

Phone wiping is just another example of the complications that emerge when the distinctions between our work and personal lives collapse. Employers increasingly expect workers to be available 24/7 but don't always provide company equipment to make that possible, leaving workers in a bind: Expose themselves to losing personal information when a phone is erased, or refuse to use a personal device and risk looking disengaged. The practice hangs in legal limbo at the moment, say employment lawyers and privacy advocates, thanks to the inability of legislation and case law to keep pace with innovation. The Society for Human Resource Management in November warned its members that phone wiping "will likely be tested through the courts in the days and months ahead."

(snip)

Many employers have a pro forma user agreement that pops up when employees connect to an email or network server via a personal device, he added. But even if these documents explicitly state that the company may perform remote wipes, workers often don't take the time to read it before clicking the "I agree" button.

(snip)

Since the BYOD trend started gaining momentum about two years ago, most large companies have adopted mobile device management systems to cover the expanding number of tech products that workers tote around.. The latest versions of the software allow IT staff to surgically remove work-related material from a smartphone or computer, a feature that is becoming a best practice in the field. Mr. Gordon of Littler Mendelson counsels clients to have a BYOD user agreement that tells employees what will happen to their phones if they separate from the company. "If the employer is deliberate about letting employees use their personal devices for work, they can eliminate the risk," he said. And employees, he added, should back up devices regularly to a cloud program or personal computer. That can still create data protection issues for employers, and companies should forbid workers from backing up corporate data—or at least have a policy saying that. "Whether or not people will follow that policy is hard to say," he said.

http://online.wsj.com/news/articles/SB10001424052702304027204579335033824665964

(If you cannot open by clicking, try copy and paste the title onto google)