When we slide our fingers across our smartphone or tablet screens fifty times a day, we do it unthinkingly, expecting memories, tools, files, and entertainment to open without incident. So imagine you key in your 4-digit passcode and find a blank screen staring back at you. The standard apps are there, but they don't contain any of your stuff. It's like a factory re-set.
Except the maker of your device didn't reset it. Your company performed a remote data wipe. Rather, the company you used to work for before you quit last Friday.
It happens more often than you think. According to a survey by data protection firm Acronis Inc, 21 percent of companies already perform these types of erasures on personal devices when an employee leaves the company, whether it's on her own terms or whether she was fired. In the wake of BYOD (bring your own device), companies are striving to protect their data from dangling around on the internet. In this eWeek article, technology consulting firm Ovum explains why it's so risky:
"BYOD multiplies the number of networks, applications and endpoints through which data is accessed. These are the three main points at which data is vulnerable; so, if left unmanaged, BYOD creates a huge data security risk.”
In response, companies have become more and more conservative about their BYOD policies. And that means more and more employees are losing irreplaceable pieces of data – like photos of relatives. According to the WSJ, the National Workrights Institute said that phone-wiping is now the most common issue brought before them for legal support.
Right now there's no precedent for the issue of lost phone data. The only “legal remedy” that could be employed here is a “computer-trespass statute,” or a law that was developed to prosecute hackers, according to Philip Gordon, co-chairman of Littler Mendelson's Privacy and Background Checkgroup. Another huge unknown would be the compensation sought after, since replacement photos clearly don't exist, and applying monetary value is dicey territory indeed.
One of the companies singled out in WSJ for performing remote data wipes says they have no responsibility to protect your photos of Grandma. After all, you signed the agreement. (AKA scrolled through a lot of tiny text and clicked "I agree" at the bottom).
Yet, couldn't this be avoided with some form of advance warning? Here is where the argument becomes circular. If you provided advance warning, might the employee start backing up company data alongside personal? For that matter, if an employer were to encourage backups from Day 1, would the potential for abuse exist there, too? And even if there was a policy forbidding workers from backing up corporate data, how would it be enforced?
What's obviously needed is some sort of virtual division. But when our phones are extensions of our lives, both personal and professional, drawing that line is difficult at best.
However, there are a couple of techy options, currently in their infancy, that are rapidly evolving with heightened demand. In general, monitoring the flow of data to and from a mobile device is called MDM, or mobile device management. At the same time, a new term has arisen to explain the concept of dividing work from personal affairs, and that is "containerization." It's pretty easy to understand in a physical sense -- you have your work "container" over there in that corner, and it is sealed and separate from everything else in the "room." Technically, this will be known as an "encrypted zone" or "policy bubble" which is password protected and through which the company can perform anti-virus scans and, if necessary, data locking or data wipes. AT&T has developed a mobile management service called Toggle which works this way. The other crazy part is that dual data plans could then be enacted. One phone number for you, one phone number for work -- but both accessed on the same device.
As long as BYOD continues in the workplace, whether or not there's a policy in place, it's probably prudent for large employers dealing with sensitive information to adopt one of these new services. (You don't really want to trash those photos of someone's Grandma, do you?)