Employee-Owned Devices Muddy Data Privacy Rights 165
snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"
Who profits by muddied waters? (Score:5, Interesting)
Who profits by muddied waters? Wasn't this all figured out decades ago when employees got home telephones and occasionally talked business on them?
Re: (Score:2)
Or at least composed an email using outlook webmail?
People have been doing business communications from home computers for a long time. AJAX was developed initially to make that work better.
Re: (Score:2)
AJAX was developed initially to make that work better.
What? What does AJAX have to do with working from home?
Re: (Score:2)
You might want to read up on how AJAX came to be.
Re: (Score:2)
You're right, it was for new updates on MS's homepage initially, it wasn't until the next year it was used for Outlook Web Access.
A couple years later it was included in Gecko, and the first time it blew my mind was using google maps years later.
Re: (Score:3)
What does AJAX have to do with working from home?
If they made Ajax to clean that messy work crap from your computer, that would be something.
Re: (Score:2)
Re: (Score:3)
Sure you can.
Phone has an outlook client, automatic email login, and no password.
Phone can connect to Outlook, where someone emailed an Excel document with a few thousand customer SSN's, credit card numbers or other contact info. Employee checked the "remember password" button, so it automagically logs in.
Phone gets lost, someone picks it up, downloads document to phone memory. One SD reader later, Excel document is in the hands of someone who has "fun things" to do with the excel document's information.
Hey
Re:Who profits by muddied waters? (Score:4)
I said phone, not cell phone or smart phone. You know, those ancient analog devices mounted on the wall from the day and age mentioned in GP, before cell phones were widespread. You speak into them, and they don't connect to the internet or remember your recent contacts. We are still talking about
decades ago when employees got home telephones and occasionally talked business on them
right? Maybe I'm naive, but I don't seem to remember Outlook from a phone being possible back then.
Point being, in the time when this figured out, you didn't have to worry about what kind of sensitive data was stored on a device with no storage capability.
Re: (Score:2)
Sure you can.
Phone has an outlook client, automatic email login, and no password.
Phone can connect to Outlook, where someone emailed an Excel document with a few thousand customer SSN's, credit card numbers or other contact info...
If anything this is an example of why documents with sensitive information shouldn't be sent through email unencrypted at all, even between two addresses on the same corporate server. Make it secure, and make opening the file require use of a system that cannot enter the username/password automatically for the user.
Re: (Score:3)
Make it secure, and make opening the file require use of a system that cannot enter the username/password automatically for the user.
So the user will just choose a weak password.
I'd rather the user have a strong password set by the IT Department and auto log them in than have an easily cracked password. Having the user enter a pin to unlock the password manager, this protects against casual theft and buys some time until the user credentials can be reset. But if a sophisticated (or even the average /.er) adversary is considered a threat then the user shouldn't be given remote access to email.
Re: (Score:2)
Home telephones don't store data (except the occasional phone number), so smartphones add a new aspect. The Uniform Trade Secret Act (UTSA) is pretty much silent on what constitutes "efforts that are reasonable under the circumstances to maintain its secrecy", so there's plenty of room for muddied waters there.
Re:Who profits by muddied waters? (Score:5, Interesting)
Back then you couldn't just connect a phone to another device and retrieve and make public everything that was transmitted on it.
Sure you could. Darn near 30 years ago my father had a terminal at home hooked up to a printer. And 40 years ago my grandfather had a reel to reel tape recorder hooked up to the phone (business purposes, something about dictation services and the then new concept of documenting conference calls with engineering consultants). This is old old old old case law. So I ask again, who profits by dredging this up and muddying the waters with a fake sheen of newness?
See the thing about IT/CS, is there's never really anything new, its just all recycled over and over, everything, and the noobs always think they as the youth of American are the ones who invented it. There is some old saying about every generation of teenagers think they're the first generation to invent 1) rebellion and 2) music and 3) sex and everyone old enough to see the pattern just laughs.
Re: (Score:2)
Now it's on the Internet. That makes it different.
I originally wrote that as a snarky statement, but on reflection there is some truth to that. The case law for 'ownership' of data traversing the Internet is different from that on a POTS line or a tape recorder at home. It may well be, an a lawyers' universe, that a totally different outcome is to be expected.
Or at least argued.
Re: (Score:3)
The internet is irrelevant to the conversation. It is just a conduit to making something public. It is the "making public" and "who owns what data" parts that are important. All the internet does is make the dissemination easier and possibly wider spread. What is germane is "who owns what data when you connect to a company's systems," and "what rights do people have with respect to their own devices connected to a company's systems?"
The decisions with respect to rules and/or law that will eventually come ou
Re: (Score:2)
Why link to another Galen Gruman article? (Score:5, Informative)
If InfoWorld cannot get enough hits on his articles by themselves (see other discussions here) then why does Slashdot have to link to them?
How to thwart the high priests of IT
http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it [slashdot.org]
Seriously?
Re:Why link to another Galen Gruman article? (Score:5, Interesting)
What's really funny is that Galen "I'm a fucking moron" Gruman just wrote this second article, which was the answer to why those supposed "high priests" - really, IT people trying to implement the policies put forth by PHB's high up the chain and legal teams trying to stop the risk of trade secrets going out the door - did the things he didn't like in the first article.
Re: (Score:2)
Re:Why link to another Galen Gruman article?
Why? Because he's self-satirizing! He's never had a real IT job, yet he condescends to lecture those with decades of hard-earned "lessons learned" who have seen this plan go belly-up before.
This is just another pendulum swing. Another 7 years and it'll be swinging the other way due to some highly publicized lawsuits and jail terms.We'll see ol' Galen eat crow then. In the mean time just grin and bear it; it' can't be stopped.
--
.nosig
I've kind of felt that... (Score:5, Insightful)
I've kind of felt that personal devices like phones and such should be treated as extensions of your own mind. For example, they should be covered by the fifth amendment.
This means, from a trade secret standpoint, that transmission of the secret from your device to an unrelated third party should be treated as if you personally wrote out the trade secret and sent it. And if your device was hacked, it should be legally treated the same as if you were conned into revealing the trade secret. But you employer should have absolutely no rights with regards to examining what's on your device. It should be treated as a black box.
Re:I've kind of felt that... (Score:5, Insightful)
Re: (Score:2)
It can happen with your own mind, but it's very hard and require a superbly deft con-artist to accomplish. But yes, I agree, that's a fly in the ointment. We need some major improvements in security technology for software. It's a 'non-trivial' problem.
Re: (Score:2)
Re: (Score:3)
Sure it will, at least in some cases. Haven't you ever seen anyone infected with either the Cuervo or Stoli virus? Some are even susceptible to the Coors attack.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
While I can understand doing that, and sometimes do things that way myself, I find it highly inconvenient and annoying. My personal devices are like my house. I set them up a certain way and expect things in certain places. It's far easier for me if I have my own 'house' to work in. My employer will get higher quality and quantity from me if I do things that way.
Ah, the counterpoint to "Death of the IT Guru" (Score:4, Insightful)
They were written by the same guy. (Score:5, Insightful)
That series of articles was written by the same guy writing this article.
Which are exactly the points that everyone here brought up in response to those previous articles.
And those reasons are the reasons why companies do NOT do what he claims that they ARE DOING now (and the point of his previous articles).
Who "owns" the work you do for the company on your personal computer? What rights does the company have to your personal computer when you leave?
Why even get into a discussion of that? The company issues you a laptop to use at home and you are supposed to use that laptop for company work. When you leave, the company gets the laptop back.
No questions. No problems.
But simple solutions like that do not generate articles about how companies are allowing employees to bring whatever they want into the company and connect it to the company's private data.
Even though he had not interviewed a SINGLE CIO from any company in the health-care industry stating that they did what he claimed they did.
Re: (Score:2)
Then why is Slashdot still accepting stories written by him?
He is a troll and just an average Joe trying to flamebait his way to hits to CIONetworkWorld mag or whatever it is. He is an idiot and not an actual I.T. visionary, editor, or CIO who is qualified to write a well documented article relevant to I.T. in the enterprise.
To keep it simple I.T. exists for a reason. It exists to manage computers and networks so the business can make money. If employees manage it then it defeats the purpose of I.T. in the
I am agreeing with you. (Score:3)
As I've posted before ...
The purpose of corporate IT is to ...
allow company approved people to
access company data
using company approved apps
on company approved hardware
at company approved locations
with company mandated security methods
on the company approved IT budget and staffing level
to keep the company in business and out of court.
And I think that is the c
Re: (Score:3)
Then why is Slashdot still accepting stories written by him?
He is a troll and just an average Joe trying to flamebait his way to hits to CIONetworkWorld mag or whatever it is. He is an idiot and not an actual I.T. visionary, editor, or CIO who is qualified to write a well documented article relevant to I.T. in the enterprise.
Much like it drives views to his site, it drives views to Slashdot. It's why we see so many Apple vs. Google vs. Microsoft vs. whatever stories. They drive views and posts, which create ad impressions.
Far from the story writer being an idiot, he's a genius. Despite knowing dickall, he has tons of people viewing his story. Getting him paid. "Who's the more foolish, the fool, or the fool who reads him?"
Things folks don't think about. (Score:5, Informative)
There are a few things that the users who want company (email/data/whatever) on their personal (iCrap/PC/whatever) don't think about.
1) Is the remote wipe functionality such that if I have to zap your device it will only nuke the company data? Are you willing to lose ALL the data on your phone? I've heard about folks suing their employers over this.
2) If I suspect you're up to no good and you're using a company device I can take that device and conduct forensic analysis on it. If it's your personal device I can't force you to surrender it.
3) Are you willing to pay for whatever security software IT mandates?
I know there are some Mobile Device Management packages out there working on this, and hopefully the best practices will all be sorted out soon. However coming up with these best practices (and buying the software/etc to support them) is not free. So to the employee they think "Hey, this doesn't cost you anything! I bought the phone!" But they don't see the TCO at all.
Re: (Score:2)
1) It's total destruction.
2) This is their problem, not mine.
3) No
The first one I only accepted because well it could get lost or stolen, I should have backups anyway and hopefully it'll be as rare as actually losing the phone. It's remote wipe, not remote control. But I might also not run to IT security until I'm sure it's gone for good. As for the last point, that I have everything on one phone means I'll carry it almost always. If I had to have a separate work phone, well then if I'm not on call with pay
Re: (Score:2)
1) It's total destruction.
2) This is their problem, not mine.
3) No
1) It doesn't have to be
2) If you're employeer has reason to believe you are a risk then I would say it is your problem. Most data transfer activities can be prevented and logged.
3) Many people do. Secure e-mail clients for Android are $19. The only reason to use one on an iPhone is if you want to limit the wipe to corporate e-mail and/or don't want a passcode for the phone (just e-mail). This assumes the company has appropriate security policies in place (ActiveSync, etc.).
Re:Things folks don't think about. (Score:5, Insightful)
I know there are some Mobile Device Management packages out there working on this, and hopefully the best practices will all be sorted out soon.
Don't need them. All you need is rdesktop/VNC/SSH. Some companies have been working "in the future" for a couple decades now, some still aren't in the present.
Is the remote wipe functionality such that if I have to zap your device it will only nuke the company data?
Yeah.... go ahead, wipe the vmware image my wife connects to via rdesktop. Its not going to affect her phone, desktop, tablet, work laptop, home laptop, etc.
Its conceptually not much different than allowing remote webmail access.
Key logging. (Score:3)
Probably not. But that is only half the question.
The other half is ... can it leak company information via your wife's "phone, desktop, tablet, work laptop, home laptop, etc".
And for that answer, you have to postulate massive infection on your wife's device. And a Russian cracker on the receiving end. Can that Russian cracker use the information gathere
Re: (Score:2)
But if you kept a backup, their remote wipe is ineffective, and companies have no technical means to keep you from backing up their data on your machine (home PC, smart phone, iPad) and no technical means of erasing it or even discovering that it exists.
For example, the employee may be using one of those web services that backs up all his information to "the cloud." Now the company's info is now on the employee's personal device and there are also and unknown number of copies on servers that neither party
Re:Things folks don't think about. (Score:4, Interesting)
Re: (Score:2)
It seems like a common-sense workable policy like yours is threatening to some of the IT dinosaurs on this board, who fear the loss of control. What they really fear is change - they were the same people in the early 80s fighting to keep PCs out of the office. In fact, I remember many of the exact same arguments being used (loss of central control, who will be responsible, etc).
Re: (Score:3)
Of course, once you add human beings and their conflicting needs and desires into the mix the grey areas abound. The problem for this kind of person comes comes when they start
Re: (Score:3)
What happens when the company gets sued and the lawyers need to do electronic discovery on the device? Are there backup devices available for employees while their personal devices are forensically imaged and unavailable to them for however long that process takes (usually a couple of days at minimum if they are lucky)?
Are the employees going to be happy when all of their personal correspondence, family photos, etc are vacuumed up as part of the evidence collection process?
Of course the photos will never b
Jurisdiction (Score:3)
Re: (Score:2)
Liability too. What if the employer gets sued for wrongful termination or sexual harrasement? Every email would need to be subpeoned. ... oops what this person did it from a personal IPhone with her gmail account and there is no record! Cha-ching $10 million rewarded to X, as it is evident the employer was negligent to allow IPhones on network to hide all their horrible deeds etc! You would be surprised what the lawyers can conjure for something like this is not silly at all.
Employers have a right to be assholes. You are there to work and not play with the latest toys. They have a right to know what is going on and manage their data and employees. That is just life and liability, legal, as well as them supporting your systems in a prompt manner so you can get work done is their responsibility and not yours.
Is your employer responsible for car repairs to get you to work too? Where does it end?
Corporate email to/from Gmail can be captured by corporate systems. iPhones can be kept off corporate networks via certs. Gmail to Gmail can be subpoenaed, and the company's liability would be dependent on their action if reported. The person on the receiving end will most likely keep a record if they intend to pursue punishment/resolution. If there's no record anywhere, it's he said/she said and the lawyers make more money than anyone else.
Re: (Score:2)
Your argument about subpoenaing emails completely flops. If it involves emails sent to/from a company email account, they will be retrieved from the company mail server. It does not matter what kind of device is used to connect to that server or who owns it.
If the subpoena involves a personal device and a personal account, the process would be the same as it is if a company does not allow personal devices on their network. You are aware that iPhones work completely independent of a company network, right?
In
Re:Things folks don't think about. (Score:4, Insightful)
I think their concern is more the opposite. They aren't afraid that they wouldn't be able to produce email - they're afraid that they WOULD have to produce email that they should have destroyed.
Many employers destroy email after a fairly short period of time - they define it as unofficial and not to be retained. They make sure that all emails and their backups are destroyed in accordance with this policy, so that if they are subpoenaed they can just point to the policy and say that they don't have anything to turn over, and an audit would show them to be in compliance with their policy. A court can tell them to stop deleting emails relevant to a case after the subpoena is issued, but they will not punish a company for deleting emails that it had no legal requirement to retain.
However, if the employee points out that their boss uses a gmail account and refers to some Google webpage that states that law enforcement can retrieve email for a period of a year or something, then a court would almost certainly allow them to subpoena copies of anything that Google has, and Google would turn them over.
As others have pointed out, if required to keep email the employer could do this on their end as long as the email at least passed through their servers, although if an employee sticks their gmail account on their business card then all bets are off...
Simple, really (Score:5, Informative)
Many large companies have very simple policies about this for this very reason: ABSOLUTELY NO DEVICES NOT COMPANY SUPPLIED ON THE NETWORK. If the company is counting on trade-secret status for things like customer lists of course this is going to be in jeopardy once the customer list is loaded onto a non-corporate-owned device. It is at least going to open the door sufficiently that it is going to be very expensive to litigate in the future.
You can easily envision the employee with the customer list on their personally-owned phone walking into their new employer with what they feel is a leg up on all the other sales people. It's on their phone, it is their list of contacts that they have been dealing with for years and now they can offer them new stuff from their new employer. Why not, right? Well, if you do it with paper you are going to get sued. My guess is that if you do it with your phone it is going to be a lot more complicated than it would have been before.
A large part of the problem is that some companies simply do not understand the ramifications of having their supposedly private, secret information scattered about. They plug in a wireless router on the internal network without thinking it through, perhaps comforted by the knowedge that they used the best 26-character WEP password they could think up.The president brings in a iPad into a completely Windows-centric environment and wants to be able to use it with company data - not knowing that the application makes a static copy of the entire database on the device.
Yes, there are some nice nifty devices out there that the company hasn't seen fit to buy yet. That doesn't mean they should be on the network. And the whole question of user-owned devices being securely within the trade-secret umbrella or not is one that will only be resolved through a lot of court cases. And some people would do very well to remember that it isn't the successful business that gets to be one of the "first" in litigation.
Re:Simple, really (Score:5, Interesting)
...ABSOLUTELY NO DEVICES NOT COMPANY SUPPLIED ON THE NETWORK. If the company is counting on trade-secret status for things like customer lists...
Funny you should mention this, to work around that agony, at a previous financial services employer, the field techs had the customer site data in plain text email as attachments, which the field circus techs had access to via internet webmail. Boss/supvr was gatekeeper and responsible for email forwarding the most recent customer data snapshot to any of his techs that requested it from him.
The problem with hollywood movie plot based security is that it usually completely misses the mark of real security issues. If it takes 30 minutes of biometric and two factor security to get some data, what happens in the real world is one tech will simply txt message another tech asking him to email the info he needs to his gmail.
Re: (Score:2)
Re: (Score:2)
don't forget about hippa as well (Score:3)
That is a big one as well.
what about companies that make you buy / pay part (Score:3)
what about companies that make you buy / pay part of the cost of there system??
Now if they are forceing you to buy there system then you should be able to install any game or app you want but what about mixed cases where the company and you both pay for the system who own's it and who has the right to data and out of work use?
Re: (Score:2)
I've never here'd of such a thing.
If there's any question... (Score:2)
The Congress shall rapidly remedy it, in employers' favor. What, are you against campaign financers job creators?
UK Information Commissioner Office issues guidance (Score:5, Interesting)
ICO issues guidance about private emails [guardian.co.uk], reminding the public sector that the Freedom of Information Act covers private emails if they are used for business matters.
"Christopher Graham, the information commissioner, said: "It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to freedom of information law if it relates to official business."
Not really a device thing... but related none the less.
Trade secret argument is bogus (Score:3, Insightful)
Re: (Score:3, Insightful)
The employee may unwittingly do so. People don't accidentally blurt out trade secrets, but many people do opt to download and run the occasional Trojan, many run buggy software or software that un-buggily treats some types of caches as not particularly sensitive, or they send home PC's unencrypted drive platters back to manufacturers, or run proprietary software where you (nor they) simply don't have any way of knowing what all it does, or -- countless other things.
You can say it was still their responsib
where's the muddiness? (Score:5, Interesting)
Life is pretty fucking simple:
- the company's data belongs to the company
- the individual's data belongs to the individual
- customers' data belongs to the customers and is protected by law
So don't allow customer data onto insecure personal devices, decide whether you'll allow company data onto those devices and accept that your employees will have data you don't control on them.
Shit, I work for a bank, I can think of a dozen ways of permitting end user computing in the office without breaking any FSA regulations, the law or unreasonably jeopardising the company.
Re: (Score:3)
Example:
Say I am an outside sales rep. I do have an office at the company and I receive maybe 10% of my book from company leads. I am 100% commissioned. In my office I have copies of every clients data, invoices, receipts, everything with an emphasis documenting profit, among other things.
One day I show up and get terminated and my boss says you cant take your records.
Whos property is it?
Re: (Score:2)
Either it's your data or it's the company's. What the fuck does the underlying device have to do with that? Why the hell didn't you and the company agree on this long ago, back when you were first employed in that role?
Those issues are not end user computing related.
Re: (Score:2)
Back it up externally, just to be sure. Possession is 9/10ths of the law.
Re: (Score:2)
You will have plenty of people who would argue that there is no such thing as data ownership. Many of them here.
Re: (Score:2)
but it does not let the Corporation push off the costs of a smartphone onto the worker without compensating them for it.
how are we going to afford the CEO's new diamond inlaid business cards? Actually BUY tools for the employees? are you mad?
Only companies run by idiots try and con the employees into supplying their own tools for work. If it's their tools they control what is on them not the company. If you want control, purchase and maintain ownership of all tools the employees use.
When I leave my jo
Re: (Score:2)
From a business perspectice, it's insecure. The business aren't in control and so customer data should not go.on it.
It may however be sufficiently secure for company docs.
This is ridiculous speculation. (Score:3)
When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control.
Bullshit. You might as well claim that trade secrets are invalidated if the employee takes written notes home from a meeting because, after all, "they've left the employer's control". Except that employee still has a legal obligation to not spread those trade secrets to unauthorized parties...
Re: (Score:2)
I've worked with some who didn't. .
Trade secrets and lack of control (Score:3, Interesting)
I think the argument that trade secrets are revealed because the employee's device is outside the company's control is somewhat invalid. The device may be outside the company's direct control, but technically so is the employee's brain and mouth. The employee, however, is within the company's control, thanks to the agreement the employee signed about how they'd handle the company's secrets. Since the employee's device is within the employee's control, and the employee's agreed to handle secrets in an appropriate way, the company's got sufficient indirect control to keep the secrets secret. If that weren't the case then telling the employee the secret in the first place would expose it, since the employee's mind isn't under the company's direct control and the only control exerted is the same agreement about how the employee will handle those secrets.
Cloud storage is another matter, but solving that will require a massive change in the law: making it so my e-mail is mine, period, and you can't serve a subpoena on the server operator to gain access to my e-mail, you have to serve the subpoena on me.
Re: (Score:2)
If you get in a trade secret dispute you have to be able to show that you took fairly stringent precautions to protect the secrecy of the trade secrets including keeping the information under some sort of lock.
Having them sitting on employee phones is a pretty dicey position to be in.
http://www.fenwick.com/docstore/Publications/IP/Trade_Secrets_Protection.pdf [fenwick.com]
No it doesn't. (Score:2)
It doesn't muddy the rights. All the potential problems involve unintentional (on the part of the company) release of the information to third parties. The employees are supposed to have access to company information, but aren't allowed to disclose it to third parties without permission.
Adjust expectations (Score:2)
Simple fact, Ajaxco might very well make the best widgets out there at a fair price, but NOBODY gives a crap about it's email. NOBODY.
Some people might care about customer credit cards, and so those shouldn't be on ANY mobile device, no matter who owns it.
If somebody finds a lost cellphone, they will do one of 3 things.
What they won't do is try
Dear CEO (Score:2)
My device, My data. if you want control over it, then stop being a cheap bastard and buy me a iPhone and you pay for the data plan and cellphone service.
If you want control, you have to pay all the costs. Otherwise, stuff it in your gold plated urinal.
Company/Personal Responsibility - Not Muddy at all (Score:2)
Fortunately for us (Score:2)
If the device (phone, Tablet or PC) does not belong to us, it is not getting connected to our network. This is absolute - for secretaries, doctors, nurses or whoever else you care to mention.
Sometimes we get new starters showing us their BlackBerry/new iPad/laptop/whatever but we just show them the documentation and that is usually the end of the story.
Our "Service Desk" (Help Desk) know this and tell people. It is interesting that those at the top of the tree and those nearer the bottom both seem to be a
the radio piracy all over again? (Score:2)
Employee-Owned Devices Muddy Data Privacy Rights (Score:2)
Re:Email a trade secret? (Score:5, Insightful)
Forget that; I want clarification on the right of the corporation to invade our privacy. They shouldn't be able to "steal" your computer and clone the whole thing just to find out if you emailed the competition some secret!
Information is not property. Once you let them redefine reality you've conceded to their terms of battle.
Re:Email a trade secret? (Score:5, Insightful)
No, COMPANY email is trade secret. Why are people paying their own money to buy hardware and software for work-use is beyond me. Sure the company won't buy you the latest shiny i-crap from grApple but is it worth it to get sued for breaking NDAs and industrial espionage? You want toys, you buy it yourself and use it for home and off-work.You want to work? Get your company to pay for it and return it to them when you leave the company. The end.
Re:Email a trade secret? (Score:4, Informative)
For the same reason why they went to a great deal of trouble to secure a Blackberry for President Obama to use. Professionals of all stripes have become attached to one piece of equipment or another that they depend on to be productive (or more productive.) It's not about "toys" as much as it's about the professional employee trying to retain the tools that help him or her to do the job most effectively. The employer's standard tools might be adequate but if the employee is capable of providing 10% more on familiar equipment, why force the employee to switch? Liability, lawsuits, NDA's, espionage, blah, blah, blah. All of that is a lot of FEAR. I'll admit, my first reaction when I heard about employees bringing their own equipment to work was to think, "stupid employees." But the more I've thought about it, the more that I think that it's about the employee and the employer asking the question, "How can we do the most for our customers?" instead of asking "How can we cover our cowardly asses?"
If I had to do a lot of calculations everyday, I'd probably provide my own calculator. If I were working in a kitchen, I'd probably provide my own knife. If somebody's job requires a lot of communication, why should it seem so strange that they want to provide their own smart phone?
Re: (Score:2)
"Why are people paying their own money to buy hardware and software for work-use is beyond me"
Same reason 90% people in IT overwork without additional pay.
I want my own stuff. (Score:3)
Why?
1. I don't want to carry two cell phones with me. If the boss wants me on call after hours, then he can use my own number.
2. I don't use MS. I'll use my mac, with linux running in virtualbox for developement. Yes, if they insist on using some MS programs, I;ll run VB for winsnooze too.
3. I may have different ideas of what software to run than the company does.
How much of this to allow is a company decision. They pay the coin. They set the rules. In many industrial sites here you have to wear N
Re: (Score:2)
because this is not reddit.
Re: (Score:2)
Yes it is property. They call it "intellectual property law" for a reason.
Re: (Score:2)
If I work for a company, and I email you to say that "Yes, we will do business with your company according to the contract we discussed" (or something like that), that is a form of legal agreement - or at least shows the intent to do business. Its probably a little less important than physically shaking hands in front of witnesses might be but it has some importance. Moreover because it took place electronically, I suspect courts are likely to expect it to be recorded.
If we later get into a lawsuit about th
Re: (Score:3)
So MY phone runs an imap client. The original data is on a corporate server. The imap server is modified so that 'delete' means 'archive' and thereafter follows whatever data retention policy you have.
The issue with a my phone is this: Do YOU as a company have a right to wipe my phone if I have confidential information on it. Do you have the right to MY iCloud password to check for data.
The problem is one of trust. If you have a reasonable HR depeartment you hire people with integrity. You let them go
Re:One more reason to consider that (Score:4, Insightful)
You can not own the information..
I don't know if you can own information, but there is definitely a concept of secrets and privacy. Your own thoughts should be protected so that you can think freely without fear. By extension, it's reasonable to imagine that companies should be allowed to have trade secrets. Just as it would be upsetting if people set up a scaffolding half a mile away and directed a super long zoom lens into your bedroom; even if they did it from their own property; it's reasonable to allow companies some ability to protect trade secrets.
It seems to me that this, where you are restricting the right of someone to spy on information which is held primarily by the company, is on much stronger ground than copyright, where you try to restrict someone else from saying something which is already in their mind.
Re: (Score:2)
No... I dont think so.
And unless you have a creepy workplace, they wont exactly be able to install monitoring software on your personal phone unless you sign something allowing them to, in which signing this also allows them other rights such as monitoring your texts, thereby making your texts work related regardless if personal or not.
I would make employees sign a "this business can wi
Re:One more reason to consider that (Score:5, Insightful)
It's not just an issue of protecting "trade secrets", but of protecting customer information in compliance with law and being able to prove that corporate decisions are made in compliance with law without collusion and back-room deals.
Most employees (including a HUGE segment of the Slashdot crowd) do not understand the fundamental reason companies do NOT want you using "personal devices" to do business, but to use the company-provided equipment instead.
The company's obligation to legal and ethical requirements to protect and manage data FAR outstrip your desire to use your iToy at the office.
I find it remarkably odd... (Score:4, Interesting)
I find it remarkably odd that people are spending any time at all considering how to protect company secrets when companies spend practically none of their own time thinking of ways to protect ours...
Re: (Score:3)
It's not just an issue of protecting "trade secrets", but of protecting customer information in compliance with law and being able to prove that corporate decisions are made in compliance with law without collusion and back-room deals.
Most employees (including a HUGE segment of the Slashdot crowd) do not understand the fundamental reason companies do NOT want you using "personal devices" to do business, but to use the company-provided equipment instead.
The company's obligation to legal and ethical requirements to protect and manage data FAR outstrip your desire to use your iToy at the office.
Posted from my iPhone.
There I fixed it for you. ;-)
Re: (Score:3)
Hat tip for you:
This article is by Galen Gruman, finally getting around to the other side from his "I hate IT, all IT people are stuck up overlords who won't let me have a toy to play Farmville on at work" garbage.
Infoworld has so caught on to his blitherings that they pre-emptively disabled comments on his latest column.
I don't understand why they don't just fire him. He must be related to someone in charge.
Re: (Score:2)
That "by extension" bullshit is exactly that - BULLSHIT!
A company is not a person, and companies are not eligible to be considered as persons. The rights of people are not properly extended to corporations.
Re: (Score:2)
A corporation is a joint effort of one or more people. Are you saying that individuals should be stripped of rights when they start to cooperate?
Re: (Score:2)
Saying this doesn't make it so, and it has nothing to do with self-centered sociopaths. There are many legal theories of information ownership, and they're time tested, and in some cases, needed. Your "coincidences" suggestion summarily dismisses any argument. You should go into politics.
Re: (Score:2)
You can not own the information. Anyone thinking otherwise is deluded fool. Coincidentally, those type of people are self centered sociopaths too.
Is there another kind of sociopath?
And moderators - just because you don't agree with, or understand something - why moderate it troll?
Shouldn't you be moderating up good posts - and if, if, something is particularly offensive, like APKs sad host file binges, moderate it down?
Just thinking.
document it send a e-mail to the purchasing person (Score:2)
Make it say if you do not sign off on the funds to renew our web site name (add more to make it sound like it's not the severs) can end up sending people to a other company or maybe even end becoming a porn site. Put in links to other dead web sites maybe even goatse.cx saying some other person can buy our site and trun it in to that.
Re: (Score:2)
4) Quit the company and work for one where the idea of being "not allowed to talk to" someone is ridiculous.
Seriously? You're not allowed to talk to someone at your own company?
Re: (Score:2)
Aside from you being an employee, what is the difference between 1 and 2?
Additionally, if you don't renew it, it will be snapped up and held hostage by some registrar or addsense farmer.
Once that happens it becomes complicated and real costly.
Re: (Score:2)
Don't do it. Document the risks in 1 and pass it along with your request to the party that can sign off on it. Make it clear that you stand ready to process the request when they approve the funds. It is now their decision and their problem.
Next, polish your resume. If they're really so chintzy/policy locked that they would risk it over a <$20 domain registration fee, they probably are making other equally stupid decisions.
Re: (Score:2)
That's fine for the 8 hours I'm on company time. But if the boss wants me to take a look at some document over the weekend and she e-mails it to me, its going to end up on my device. Take a look at how many people are 'on call' 24x7. Or their boss expects to be able to reach them after hours.
Re: (Score:2)
WATCH!!?!
Security, can you escort this watch wearing heathen from the building! We will ship you the contents of your desk after we inspect it all first.