The remote wipe dilemma: why companies take extreme measures to protect data

clock • 5 min read

Erasure of personal information from stolen devices may be the only way to protect companies from extensive damage

In a communicative age, where ideas and data are shared easily and nearly instantaneously, it's easy to overlook that a great amount of data that we share - purposefully or inadvertently - contains sensitive information. We're always careful to protect sensitive information and data to the utmost of our ability, but of course there will always be pieces that fall through the cracks.

But the question arises; what happens when the sensitive information we share - even carefully - becomes compromised? Employees are often thoroughly trained and informed about data sharing policies and safety practices, but studies reveal that more than one in four data breaches are caused by lost or stolen devices. Devices stolen from purses or left behind on a train can contain sensitive information, and sometimes a company is left with no other choice than to protect their intellectual and confidential property.

The remote wipe: protecting data from afar

Due to the changing nature of work for an increasing number of people, mobile devices - laptops, tablets, and phones included - are vital for working across web platforms, applications and for basic day-to-day operations for businesses in a variety of industries. The problem with the use-anywhere-be-anywhere nature of these devices is the fact that they can easily be stolen. In the blink of an eye, sensitive company information can fall into the hands on someone looking to exploit private information - and these breaches are pricey, averaging out to costing an enterprise an average of $3.86 million per breach.

That's why the remote wipe exists. Basically, remote wipe gives companies (and individuals) the ability to send a command to a mobile device and wipe it clean of sensitive information. This is done primarily in the case of a lost or stolen device, but companies also use it when an employee is fired or resigns from a position in which they continue to have access to sensitive information following their leaving the company.

Some companies don't rely on a full remote wipe of a device to protect data. Some install management software (MDM and EMM) onto devices used for company work - including companies with a BYOD policy - that enables remote wipes at any time. Businesses that are able to will often partake in a remote enterprise wipe, meaning they will only wipe company-related information from the device. However, since this cannot ensure a complete wipe of all company-related data, remote wipes are often done to all information on a phone, thus reverting it and all of the personal information a device contains back to factory settings.

Can companies actually wipe personal information?

Companies with a BYOD policy encounter a bit of a dilemma here: they don't want to wipe personal information from devices, but is it worth risking the safety and confidentiality of both the business and clients, in addition to the potentially millions of dollars in costs related to a security breach? Probably not, or in other words: they don't care if they delete your personal information.

But is it legal to wipe this personal information? This, of course, is a loaded question. Some level of legal precedence exists on the matter involving a 2013 civil case in Texas - Rajaee v. Design Tech Homes, LTD. - where a personal cell phone was wiped of personal information following Rajaee's resignation. Rajaee argued over $100,000 in losses from the remote wipe and violations of the Electronic Communications Privacy Act and Computer Fraud and Abuse Act. The court dismissed the employee's claims.

This lack of a successful outcome on Rajaee's end does not spell the end of this matter, though. It's possible that as mobile devices become more integral to the functioning of our everyday lives, the interpretation of the value of this personal information and the types of electronic communications that occur on a mobile phone may change and be in favor of plaintiffs in cases like this one. But for now - yes, an employer can complete a remote wipe to avoid confidentiality breaches on their business's data.

So what can be done?

Of course, the remote wipe of a personal device will walk a fine line of what an employer is and isn't allowed to do with an employee's lost or missing device's personal information. To avoid such issues and damages on both ends, here's what you can do:

Employers - develop a BYOD policy that employers must sign off on in order to use their own device for any and all types of business matters in which they may have access to sensitive information. Turn it into a contract and you are not only fully informing employees of potential risks, but protecting yourself from any legal repercussions that my ensue.

Additionally, it may be worth reevaluating the way in which data is shared to employees. Using data sharing and protection services like Dropbox allows you to keep data and communications in a protected location. Best of all, you can remote wipe specific devices of company information within the data sharing community - preserving personal information on the phone, but protecting sensitive company data.

Employees - backup any personal information on either the cloud, an external hard drive or a  data protection service. Your personal information has real value, and much like your family and personal property, it is your job to protect them. Also, be aware of your rights as an employee; check on the documents you sign and the programmes your company installs on any device that you use for work. Take the initiative to protect yourself while understanding that your company must also protect itself.

This is a sponsored post for Dropbox. All opinions are my own. Dropbox is not affiliated with nor endorses any other products or services mentioned.

Rachel Lombardo is a professional content writer & social media manager based in Pittsburgh, Pennsylvania. In addition to having been published with the Juvenile Diabetes Research Foundation and Hot Metal Bridge's ‘In Brackets' podcast, Rachel is a part time trivia host, fan of beauty and makeup, and full-time goofball. Connect with her on LinkedIn.

You may also like
Microsoft can't guarantee UK data sovereignty

Police

UK policing data may be transferred overseas

clock 24 June 2024 • 3 min read
UK gym chain Total Fitness leaks personal images online

Hacking

Other leaked data includes ID documents, payment information and phone numbers

clock 18 June 2024 • 2 min read
Remote working: We're on top of defending WFH, say IT leaders

Security

'Security has been moved to devices rather than offices meaning all have the same protections'

clock 31 May 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Portable

Google launches Nexus 5X, Nexus 6P, Android Marshmallow, Pixel C hybrid tablet and new Chromecast

Targets both Apple and Microsoft with bevy of new devices

Charlee Gothard
clock 29 September 2015 • 4 min read

Google Glass on general sale next week...for one day only

Google Glass will go on sale in US for 24 hours next Tuesday

Danny Palmer
clock 11 April 2014 • 1 min read

Influence: Mobile Working in the NHS

How tablets and secure remote technology is benefiting the healthcare industry

Charlee Gothard
clock 30 October 2013 • 1 min read