The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/588021
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 22 BEST PRACTICES New Device Daze: IoT and Wearables Predicting the exact future of devices might be impossible, but monitoring the ever-developing device frontier and staying informed as to how others are incorporating new technologies into their BYOD policies can be dizzying for corporations. For example, an Internet ecosystem, known as the Internet of Things (IoT), is emerging, one in which everything from our cars to coffeemakers to thermometers can communicate with and compile data from each other via an interconnected network. Wearable devices (portable electronics such as watches or even clothing) with their ability to interface with smartphones and collect audio and video data are only adding to the murkiness of BYOD policies. These developments have left the corporate world stuck in a daze. For instance, Tech Pro Research's recent study stated that less than one-third of companies surveyed had factored smartwatches and wristbands into their policies, with most companies stating that they were unsure of how to deal with wearables in the corporate environment. However, with tech companies predicting that there will be between 25 (Gartner) and 30 (EMC Digital Universe) billion IoT devices by 2020, corporations must inevitably determine how to handle the evolving tech environment as they make future revisions to their BYOD polices. Elements could include: • Requiring complex password protection, enforcing updates to the latest operating system or installing encryption software on employees' devices • Outlining strict procedures in the event of a device getting lost or stolen, including whether a remote wipe of the device is required • Integrating an Acceptable Use Policy into the BYOD policy • Determining which apps are prohibited on devices connected to a company network (including wireless networks) A BYOD policy should also touch on preservation and discovery in litigation. Companies that fail to properly preserve potentially relevant data on personal devices, such as text messages and email messages, could face severe sanctions in litigation. Companies can get ahead of the problem by adding BYOD data and sources to their ESI data maps and issuing legal hold notices that address what content must be preserved on what devices. Clearly communicate the details of the policy to employees to ensure corporate security conditions are met. Allowing employees to use their own devices is complex, but educating them on the security measures in place on their devices can make navigating the precarious blend of professional and personal less of a security risk for both a company and its employees. Iterate: Corporations should regularly audit the effectiveness of their BYOD policy, including key stakeholders and perhaps a third-party consultant in the audit process. Look at what new technologies are available and whether they should be supported. Review the current policy points to see if anything wasn't adopted or could be improved. Your BYOD policy will continue to evolve with technology and your workforce. SECURE IN THE BLUR Building a resilient BYOD policy demands a strong foundation, created through interdepartmental assessment of company resources and careful planning. The process does not end with a written policy or its initial implementation. As new technologies emerge, regulatory and legal demands change and employee privacy expectations rise, companies will avoid BYOD policy stagnation if they want to remain competitive.