Bring Your Own Device Policy - Part 3

My humble attempts to draft clauses for a BYOD policy have spawned excellent comments on my G+ page.  The comments for BYOD Part Two particularly focused my attention on the feelings of employees.  A BYOD policy rouses feelings about employee dignity and privacy.

For many enterprises, policy with employees regarding the ability of the enterprise to get records must be firm and must try to avoid ambiguity.  Otherwise, when controversy or investigation arises, the enterprise is exposed to delay and litigation with employees.

However, in response to the feelings of employees, what do you think of this clause?

"As a matter of honor and reputation -- but not as a matter of legal liability or obligation – the Company aspires to be forthcoming with employees as a whole about the practical impact of this Policy on employees over time."

The clause tilts toward the enterprise being transparent with employees about how the policy is being used in practice.  But it aims not to give assurances that an employee could use to frustrate the enterprise's attempts to get records when they are needed.

For context, please see

* Bring Your Own Device Policy - Part 1

* Bring Your Own Device Policy - Part 2

I welcome all comments.  If I'm wrong, please tell me I'm wrong.


Mr. Wright teaches The Law of Data Security and Investigations at the SANS Institute.  He is working to add a BYOD section to the course.

No comments:

Post a Comment