In a communicative age, where ideas and data are shared easily and nearly instantaneously, it's easy to overlook that a great amount of data that we share - purposefully or inadvertently - contains sensitive information. We're always careful to protect sensitive information and data to the utmost of our ability, but of course there will always be pieces that fall through the cracks.
But the question arises; what happens when the sensitive information we share - even carefully - becomes compromised? Employees are often thoroughly trained and informed about data sharing policies and safety practices, but studies reveal that more than one in four data breaches are caused by lost or stolen devices. Devices stolen from purses or left behind on a train can contain sensitive information, and sometimes a company is left with no other choice than to protect their intellectual and confidential property.
The remote wipe: protecting data from afar
Due to the changing nature of work for an increasing number of people, mobile devices - laptops, tablets, and phones included - are vital for working across web platforms, applications and for basic day-to-day operations for businesses in a variety of industries. The problem with the use-anywhere-be-anywhere nature of these devices is the fact that they can easily be stolen. In the blink of an eye, sensitive company information can fall into the hands on someone looking to exploit private information - and these breaches are pricey, averaging out to costing an enterprise an average of $3.86 million per breach.
That's why the remote wipe exists. Basically, remote wipe gives companies (and individuals) the ability to send a command to a mobile device and wipe it clean of sensitive information. This is done primarily in the case of a lost or stolen device, but companies also use it when an employee is fired or resigns from a position in which they continue to have access to sensitive information following their leaving the company.
Some companies don't rely on a full remote wipe of a device to protect data. Some install management software (MDM and EMM) onto devices used for company work - including companies with a BYOD policy - that enables remote wipes at any time. Businesses that are able to will often partake in a remote enterprise wipe, meaning they will only wipe company-related information from the device. However, since this cannot ensure a complete wipe of all company-related data, remote wipes are often done to all information on a phone, thus reverting it and all of the personal information a device contains back to factory settings.
Can companies actually wipe personal information?
Companies with a BYOD policy encounter a bit of a dilemma here: they don't want to wipe personal information from devices, but is it worth risking the safety and confidentiality of both the business and clients, in addition to the potentially millions of dollars in costs related to a security breach? Probably not, or in other words: they don't care if they delete your personal information.
But is it legal to wipe this personal information? This, of course, is a loaded question. Some level of legal precedence exists on the matter involving a 2013 civil case in Texas - Rajaee v. Design Tech Homes, LTD. - where a personal cell phone was wiped of personal information following Rajaee's resignation. Rajaee argued over $100,000 in losses from the remote wipe and violations of the Electronic Communications Privacy Act and Computer Fraud and Abuse Act. The court dismissed the employee's claims.
This lack of a successful outcome on Rajaee's end does not spell the end of this matter, though. It's possible that as mobile devices become more integral to the functioning of our everyday lives, the interpretation of the value of this personal information and the types of electronic communications that occur on a mobile phone may change and be in favor of plaintiffs in cases like this one. But for now - yes, an employer can complete a remote wipe to avoid confidentiality breaches on their business's data.
So what can be done?
Of course, the remote wipe of a personal device will walk a fine line of what an employer is and isn't allowed to do with an employee's lost or missing device's personal information. To avoid such issues and damages on both ends, here's what you can do:
Employers - develop a BYOD policy that employers must sign off on in order to use their own device for any and all types of business matters in which they may have access to sensitive information. Turn it into a contract and you are not only fully informing employees of potential risks, but protecting yourself from any legal repercussions that my ensue.
Additionally, it may be worth reevaluating the way in which data is shared to employees. Using data sharing and protection services like Dropbox allows you to keep data and communications in a protected location. Best of all, you can remote wipe specific devices of company information within the data sharing community - preserving personal information on the phone, but protecting sensitive company data.
Employees - backup any personal information on either the cloud, an external hard drive or a data protection service. Your personal information has real value, and much like your family and personal property, it is your job to protect them. Also, be aware of your rights as an employee; check on the documents you sign and the programmes your company installs on any device that you use for work. Take the initiative to protect yourself while understanding that your company must also protect itself.
This is a sponsored post for Dropbox. All opinions are my own. Dropbox is not affiliated with nor endorses any other products or services mentioned.
Rachel Lombardo is a professional content writer & social media manager based in Pittsburgh, Pennsylvania. In addition to having been published with the Juvenile Diabetes Research Foundation and Hot Metal Bridge's ‘In Brackets' podcast, Rachel is a part time trivia host, fan of beauty and makeup, and full-time goofball. Connect with her on LinkedIn.
Both Facebook and Cambridge Analytica were certified under the pact, Civil Liberties Committee points out
Company vicariously liable for leak of payroll data of 100,000 staff in 2014 by internal auditor Andrew Skelton, Court of Appeal rules
Panel urges companies to avoid euphemisms and acknowledge when they've been breached - or risk being fined
The European Parliament wants to bring the rules for online services in line with those for traditional telecoms