In the modern, fast-paced business world, empowering the employee with the flexibility to use their own device for business purposes is no longer than just a perk; it’s now a necessity to remain competitive. That’s is why in recent years, a significant number of companies have chosen to adopt a BYOD policy. According to TechRepublic, 85% of enterprises allow their employees to access data from personal devices.
However, allowing employees to use their personal devices for work is not without consequences. Unlike company-owned devices, managing BYOD devices are far more complex and time-consuming. For regulated companies, it requires a well-articulated policy in order for them to capture and record mobile SMS, phone calls, emails, and other work-related communications and files stored in those devices – all without breaching any existing data protection or antihacking laws. Unfortunately, achieving such a balance still remains a challenge for most organizations.
The Grey Area BYOD and Compliant Mobile Archiving
Despite the wide adoption of BYOD policy, many companies and employees are still unaware of the issues that could arise in addressing both compliance and privacy. Such was the case with Paul Iacovacci, an ex-managing director at Brevet Capital Management LLC after he sued his former employer in 2018 for allegedly accessing his home computer to read his personal emails and steal data stored on personal hard drives.
In defense, Brevet denied that the company hacked into Mr Iacovacci’s computer, saying that the computer was Brevet’s property because the company purchased it. Brevet’s employee handbook said the company reserves the right to read, access or monitor all electronic documents stored or processed on Brevet’s computers, including “documents and messages which don’t directly relate to Brevet’s business.” The company also stated that Mr Iacovacci acknowledged his receipt of the handbook every year.
As the Wall Street Journal stated, such cases test the boundaries of how much authorization employers have to view the contents of personal devices of their employees while they are plugged into work devices. Given the strict SEC and FINRA archiving requirements, financial companies that have don’t have a detailed BYOD policy in their workplace, as well as their employees,can surely suffer the same fate as Mr Iacovacci and his employer.
Resolving the Conflict Between Compliance and Privacy Amidst BYOD
In most regulated industries, the employers have the right to access and obtain business-related communications stored on personal devices used for work. If the employees are paranoid about employer surveillance, then they should not be allowed to use their personal device in the workplace. But given the wide-adoption of BYOD among employees, such a measure is not foolproof.
To make BYOD effective in your workplace and ensure compliant access and archiving of text messages, phone calls, and emails created on those devices, here are some strategies that you should implement:
- Have a clear monitoring policy. This can range from how much monitoring your IT department is allowed to have over their device, which contains their personal information, as well to when and where using the device is appropriate.
- Be clear about the allowed devices. Optimally, employees can choose the devices they can use but are not allowed to use jail-broken devices or certain apps that compromise the data security of the organization.
- Set boundaries. While most employees want to use their personal devices, many of them are also uncomfortable if their company has too much access to their personal data, much of which is stored in their phone. Giving your employees the peace of mind about what is and isn’t appropriate access by the company can go a long way toward making the BYOD policy comfortable for all involved.
- Be transparent. Before allowing access to the company data, be sure all parties, including management and IT, are explicitly clear on the policy rules if there’s a crossover between company access into personal data, state how the company will protect that personal information, and within what limits that protection is expressly stated.
To further ensure compliant retention and supervision of critical business communications, TeleMessage offers Mobile Archiver solutions for financial firms that need an enterprise-grade messaging app that will enable their advisors to stay productive and their company to stay compliant.
Our Mobile Archiver solutions capture and record mobile content, including SMS, MMS, Calls, and even chat logs from popular apps such as WhatsApp. Messages are securely and reliably retained within TeleMessage servers or forwarded to an archiving data storage vendor of your choice.
Our mobile archiving products securely capture content from mobile carriers and mobile devices for a variety of ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website today at www.telemessage.com to learn more about our mobile archiving products.