THE IMPLICATIONS OF BRINGING YOUR OWN DEVICE
23 Feb, 2012
Do companies have enforceable policies in place to ensure software compliance and manage the software lifecycle in the BYOD world?
The Federation Against Software Theft is calling on organisations to be aware of the compliance challenges and not get caught out as working practices shift with the growth in BYOD – Bring Your Own Device.
Julian Heathcote Hobbins, General Counsel, FAST, stated: “Smartphones, tablets, and personal laptops are fast becoming the work-tool of choice for today’s employees and many organisations are adapting to this workplace revolution in order to make the best use of employees productivity. However, this development in working practices can present huge challenges for organisations wishing to demonstrate that they are on the right side of the law when it comes to software licence compliance in managing their own IT estates.”
“Cisco has found that 52 per cent of companies allow some form of access to personal devices at work – a trend that appears to be continuing. And, according to a recent report from Gartner, mobile Web access is set to surpass traditional PC access by 2013. However, businesses need to be vigilant – the usual rules of software licensing apply and thus there are legal ramifications if software is being installed on personal devices used at work. The other aspect is security and preventing data leakage,” he added.
Jonathan Cornthwaite, Partner at leading London city law firm Wedlake Bell LLP, commented: “The business and personal benefits of BYOD need to be matched with due consideration of the significant blurring between the personal and the work space that is occurring. For example, who would be liable if a device used both in work and at home was used for illegal downloading? The answer is not clear, and unless a good deal of thought and preparation have been put into making clear what the rules are, especially if the software installed is used for both work and non-work activity, the business could be at risk.
“Thus far, discussions about BYOD have tended to revolve around data-protection issues and network security. These concerns are of course very valid. However, the issue of business liability for employee activity on BYOD devices has most possibly been forgotten by the majority of organisations. Indeed, if an employee uses a personal device at work, sanctioned or otherwise on which to install illegal software, the company could be vicariously put at risk.”
“Companies who approve the use of personal devices at work must be aware of the hazard and in retaining control of their software be pro-active. Any corporate BYOD policy must be supported by robust contractual agreements that are tailored to the needs of the individual business, establishing the exact terms of usage”, Jonathan concluded.