The widespread use of smartphones and tablets in the workplace is exposing more and more businesses to liability for sensitive data being compromised if these devices are lost, stolen, or hacked. How can your company protect itself against this threat – and how much authority do you have over an employee’s personal device if it’s also used for work-related activities?
What’s more, because these gizmos are small and portable, it’s easy to misplace them. (The federal Transportation Safety Administration recently leased a warehouse just to store those misplaced or left behind at airports.)
Another emerging risk linked to these devices is a “bring your own” policy that many companies have adopted as a way to save costs by having employees spend their own money on smartphones and tablets that are constantly evolving and updated. This approach raises questions about separating company data from personal information on the device. For example, when an employee leaves, does a business have the authority to wipe the information from his or her smartphone? According to some authorities, if an employee connects a personal device to a company network, the company has inherited responsibility for the data stored on it.
To deal with this risk, you need to provide every employee who uses these devices with training, updated annually, on how to respond in case of loss or theft. To minimize potential liability for lawsuits by customers and clients, make sure that the individual responsible for the mishap informs management immediately. The compromised information might include everything from sensitive data (financial or medical) contacts, photos, call history, personal notes – you name it.
You can also use insurance to protect yourself against losses from data breaches. A policy will provide Liability coverage that deals with legal costs and third-party expertise (such as forensics firms to analyze a breach and call centers to provide information and public relations. Coverage might also include services such as access to tools to estimate costs, a checklist for your planned response to a data breach, and access to experts who can answer questions and review your company’s policies and procedures.
For more information, feel free to give us a call.