BYOD: Pros & Cons

In today’s world, nearly every aspect of life is affected by computer technology and increasingly we can notably appreciate this social change through companies and business.

For example, the culture of BYOD (“Bring Your Own Device”) is already a fact we can find in multiple types of companies and sectors.

It is often said that benefits are multiple. Companies save money and employees are more committed and available. Besides, there are advantages for the workforce as it helps reconciling family life.

In Europe, current Case Law allows companies’ access to all their devices when employees have been clearly informed

However, there are privacy issues that we may not forget. Firstly, there are risks of data leakage when companies allow their workforce to use their own devices to complete work duties. Personal devices are usually shared with family and friends; they may also include other apps o items less secure that could lead to lose control over data, as information may be replicated in multiple places. From my point of view, it may be possible to embrace the BYODs benefits without undermine privacy and confidentiality business information, but not in all situations.

A case-by-case assessment shall be needed. While it is true that BYOD benefits are multiple, it may not be appropriate for the processing of certain information or work duties.

After an evaluation of the potential offshoring tasks and an accurate classification of information, a personalized privacy policy can be shaped and might permit using BYOD in certain scenarios such as contact means or internal communications, whenever confidential information is not exposed. However, it would still be necessary to introduce specific means to control the use of removable storage devices / media, in order to prevent a potential information leakage.

Beyond this, the control over the information could be critic, as in fact, it could only be effective when the company has a real control over all devices.
In Europe, current Case Law allows companies’ access to all their devices when employees have been clearly informed about the security and privacy policy established. However there is a possibility that this principle may not apply to BYOD as the consequences might be different, since we are talking about personal devices.

The question is; even if we already have the workforce consent would it be enough to justify the company’s access to a private device? In my opinion the answer would be negative, due to the employees protection tendency that is also being reinforced with the new EU Regulation.

To sum up, it seems to me that we have to be cautious not to be blinded by the amazing colours of technology while both Regulations and Case Law are still not clear.