The majority of the offenders don't believe this is wrong, either. Sixty-two percent of employees say it is acceptable to transfer work documents to personal devices or online file sharing apps. On the tech front, 42 percent believe a software developer has some ownership of his work and do not think it's a crime for him to reuse the source code, without permission, in projects for other companies.
It's no surprise that companies feel a need to rein in BYOD, given its supporting role as the getaway driver in intellectual property theft.
"Corporations will side step from BYOD in 2014 to the more practical use of COPE," says Bob Janssen, CTO of RES Software. "With COPE devices, organizations will have greater control and security over the devices used by employees. The device will then have the ability to be used personally and professionally, and will be able to switch between the two contexts."
COPE devices have some enormous advantages when it comes to data security, says attorney Paul Starkman, who heads the labor employment group at law firm Pedersen & Houpt in Chicago. For starters, he says, COPE acts as a deterrent — that is, employees are less inclined to steal using a corporate-owned device.
Many companies also get cyber-risk insurance to protect against lost or stolen devices with sensitive information on them, such as social security numbers or customer health information, but those policies don't cover personally-owned devices. When a legal dispute arises, law enforcement will often help get the device back if it's company property, not personal property.
How Much Privacy Does COPE Imply?
COPE's biggest advantage might be in the judge's mind. An employer needs to have authorization or consent to pull data from a device, Starkman says, and it's much easier to establish that the employee has no expectation of privacy when using a corporate-owned device than a personal one. This allows companies to search a device for evidence of intellectual-property theft.
"It's a much easier sell to a judge to say, 'This is a company-owned device, and while we let them use it for personal use, we told them that whatever they do with it, they need to understand that personal activity is open to scrutiny and may be monitored,'" Starkman says.
On the other hand, COPE's greatest danger is giving a false sense of security to IT. While there may be no expectation of privacy for employees, Starkman advises companies not to go snooping into personal stuff. "You don't want to cross into password-protected personal accounts and websites and social media," he says. "COPE is not a full-proof plan."
In the case of Borchers v. Franciscan Tertiary Province of the Sacred Heart, Diane Borchers, a food service director, was issued a computer with a written policy permitting "occasional personal use." In 2007, she reported to human resources that she was being sexual harassed by her supervisor, Michael Frigo. (The follow-up internal investigation found no evidence.)
Sign up for Computerworld eNewsletters.