Blurred Lines is not only one of this summer’s breakout songs (and the subject of a copyright lawsuit), but is also the theme when it comes to the commingling of enterprise and personal data on mobile devices.
My current research explores the technical controls that can be successfully deployed to balance enterprise information protection needs with employee personal privacy expectations on mobile devices, as well as best practices for Corporate-Owned Personally Enabled (COPE) and Bring Your Own Device (BYOD) programs. Interestingly, as I get deeper and deeper into the research I’m finding that many of my assumptions were just plain wrong:
- Companies are not using solely one approach or the other, many seem to have a hybrid COPE/BYOD environment
- Many organizations do not have mature, developed programs rolled out but rather are still in the preliminary planning/test phases
But that’s good, because that’s the whole point of doing thorough research. I’m learning a lot about this area including, perhaps most importantly, that technology as a whole is just at the tip of the COPE/BYOD iceberg. And not just in the US, but across the globe. To complicate the subject further, both the devices and the available apps and software are constantly evolving. Talk about a moving target.
And that’s just from the technical perspective. There are big privacy issues to be addressed here too. How has your organization grappled with:
- What happens when employees install apps with personal information or use corporate-provided file-syncing resources to store personal photos and documents on a COPE device?
- What if an employee opts in to a BYOD program only for both parties to learn after the fact that her geolocation data is now available to her employer?
- Should organizations develop secondary privacy policies governing the data being collected through their BYOD programs in addition to their external facing privacy policies?
There are many more questions than answers, but if your organization is discussing, or has resolved, any of these issues, I’d love to hear about it! For now, back to the research. Keep an eye out for the final product sometime this fall!
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.