Privacy and the Mobile Device
By: David Wilshire, Principal Consultant
Privacy is on everyone’s mind these days, especially in light of recent high-profile data breaches. The reality is that we’re all vulnerable. Our digital footprints don’t fade away, which is why maintaining a balance between privacy and mobile device usage is so important.
The use of smartphones in the workplace can provoke anxiety about employee privacy and the extent of company oversight . As smartphones become more advanced, and as we increasingly depend on them for our everyday tasks, employees are asking:
- Can my company see where I am?
- Can my company monitor my activities?
- Can my company see who I talk to/message with?
- Can my company see that I’m browsing for a new job?
Companies have their own concerns, too:
- If this is a company-provided asset, is it appropriate to know where it is?
- Is the company entitled to wipe the device and its contents?
Is “Big Brother” Watching? If So, What Can He See?
Many types of data are unavailable for collection by companies. Browser history, email messages, phone numbers of received/dialed calls, text messages, pictures, videos, notes, and the like cannot be queried from an employee’s device.
Types of data that can be collected/viewed by a device management system include information about the device itself, such as the carrier, SIM, phone number, UDID, amount of storage available, battery percentage, and Wi-Fi IP information. A list of installed applications, the GPS location, and profiles can be collected as well.
Modern mobile device management (MDM) systems can be configured to only collect the data required to effectively manage the devices for functionality and security. The application list, for example, may be used to identify incorrect app versions, or to identify devices that have an app known to contain malware.
Additionally, a well-behaved MDM system can differentiate between company assets and employee-owned (or BYOD) devices. For example, GPS location can be collected from company-provided assets where the company has a financial interest, whereas an employee device would not be tracked.
It is important to define privacy policies in accordance with company requirements while assuring that employee privacy is protected. Equally important is to communicate that your company is not spying on staff or tracking their digital footprints everywhere they go.