Are you breaking the law with your BYOD policy?
In a TEKsystems June survey of 3,500 tech professionals, 35 percent of IT leaders (such as CIOs, IT vice presidents and directors) and 25 percent of IT professionals (such as developers, network admins and architects) are not confident that their organization's BYOD policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations.
Half of the respondents also believe that 25 percent or more of sensitive data is at risk due to end users accessing this information over personal devices.
These and other alarming findings paint a disturbing picture: The race to embrace BYOD might be outpacing sound business practices.
There's no question the BYOD push has begun in earnest. Many employees use their personal mobile devices for work purposes. Some companies are even mandating employees supply their own phones for work. According to a Gartner survey of CIOs, half of employers will require employees to supply their own device for work purposes by 2017.
What's behind this trend? BYOD carries an array of perceived business benefits that drive adoption. The TEKsystems survey points to five:
" Greater accessibility, meaning the ability to get a hold of an employee who never goes anywhere without his or her personal phone.
" Higher employee satisfaction, meaning that employees are happier because they have the freedom to use technology that they actually want to use.
" Improved worker productivity, meaning that happy employees are more productive.
" Better customer satisfaction, meaning that IT can improve their response time to customer questions and issues.
" Cost savings, meaning that IT no longer has to pay for company-issued mobile devices if employees opt-in for BYOD.
But, again, BYOD's perception doesn't always mesh with reality.
More than half of the respondents, for instance, said BYOD was only middle-of-the-road effective to completely ineffective in delivering better customer satisfaction and cost savings. With improved worker productivity, the jury seemed split: Half said BYOD was effective, half said BYOD was middle-of-the-road effective to completely ineffective.
From the employees' perspective, it doesn't get much better.
Many respondents said that clear BYOD policies, as well as communication of those polices, is somewhat lacking. The survey results echo other BYOD experts who claim that end-user policies are filled with legal jargon that heavily favors corporate rights to access data over an employee's expectations of privacy, thus leading to a trust gap between workers and employers.
From big-time security concerns to shaky business benefits to controversial user policies, the reality behind BYOD is beginning to emerge. Companies may need to slow down and take measure before one of these harsh realities—such as running afoul of compliance law— smacks them in the face.
Sign up for Computerworld eNewsletters.