More RSS Feeds Are Available On The I've Been Mugged Blog!
Valid Corporate Email Or Phishing Email?

When Your Employer Disables Your Personal Phone

This story is a warning about the risks of using your personal smart phone, tablet computer, or mobile device for work for your employer. NPR reported a story about how Amanda Stanton's employer killed her personal iPhone remotely without notice and without authorization:

"... Amanda Stanton's iPhone suddenly went black. She had been talking on it and navigating with a GPS app during a work trip to Los Angeles. Then, without any warning or error message, the phone quit. Everything was gone — all her contacts, photos and even the phone's ability to make calls."

I would imagine that Stanton felt mugged. I know that I would have felt like I had been mugged. We consumers store so much personal information on our smart phones and tablet computers.

In this case, the Information Technology department at Stanton's employer accidentally wiped clean Stanton's smartphone with a command via a email. While that sounds like science fiction, it is indeed fact. According to the news story, many of today's smartphones and tablet computers come preloaded with software that enables key device features (e.g., the device, its camera, its web browser) to be turned on or off.

Did you know this? I didn't and I bet you didn't either. Stanton's experience is troubling because it was her personal iPhone and not the company's property. While it is convenient for consumers to use a single mobile device while traveling or away from the office, it may not be wise to use your mobile device for your employer's business. Stanton's experience highlights several issues consumers need to consider:

  • Lost/stolen mobile devices: the remote wipe function is helpful for consumers when your smartphone/tablet is lost or stolen. The thief is unable to use the device and can't access any sensitive personal data you have saved on it. Browse remote-wipe instructions for iPhone users, or for Palm Pre users. Browse data security suggestions for Blackberry users. Consumers with Android phones should consider using the Mobile Defense app.
  • Protection of company assets: the remote-wipe function is helpful for employers to minimize the data breach impact when smartphones or mobile devices contain proprietary company data or information about the company's clients, customers, processes, or financial statements. Plenty of data breaches have resulted from lost/stolen laptops. Smartphones and tablets represent the next wave of data breaches. It wise to avoid storing company information on your personal smartphone or tablet PC.
  • Corporate policies: it is wise for consumers to know their employer's policy about using personal mobile devices for company business. The policy may require the employee to waive certain rights. In Stanton's case, she decided it was too risky to use her personal iPhone for company business. The same risks may apply to you. The employer's policy make maybe one-sided; effectively that the employer gets the right to control the employee's personal device. Or worse: the employer may not have a policy leaving things vague or inconsistently handled by the employer's Information Technology or security department.
  • Safety Issues: Stanton's situation could have placed her personal safety at risk. I shudder to think of a woman traveling alone in a strange city who may need help only to find her smartphone doesn't work due to a remove wipe. Stanton's situation could have had really negative, unintended consequences.
  • Password Protection: you should password-protect your phone so only you can use it. You can set your phone to automatically self wipe after X number of failed sign-in attempts.

If  an employer lacks a policy for mobile devices and events like Stanton's continue to happen, then I expect the issue will get resolved in the courts. As the author concluded:

"... there's now a breakdown of the old paradigm that your company controls work devices and you control yours and 'never the twain shall meet.' "

Breakdown, indeed. For the reasons listed above, there it is wise to keep your business and personal information on separate mobile devices. What do you think?

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

tparker227

It did happen to me when I was working with my arrogant and discriminating boss before. I thought, it's totally discriminating. But as soon as I founded my own company, I did realize the importance of mobile devices rules in the company. This precautionary measure is only made to protect company assets and even the identity thief - most especially when working with telecommunications and online marketing industry. I hope, my employees would happen to read this blog so as to give them idea why we have this type of corporate policy.

eeF

I agreed with tparker227. If the employee decided to use one phone, remember to always back up the valuable personal data (i.e. contact info)

George

eef:

Yes, employees should always back up their personal smart phone or mobile device, whether used for personal, business or both. This should not minimize the necessity for employers to have and distribute a mobile device policy.

George
Editor
http://ivebeenmugged.typepad.com

Call rates

I agreed with tparker227 too. Its the right of the company to give the policy depending on their worries upon their business. To prevent from sabotage management issues agreement upon the contract. When your employee disable your personal phone you have the right to fire him/her. Mobile Phones are considered personal necessities. Personal privacy should be respected.

Notcathy

We need to respect company policy. As an employer they have the right to implement what they think what is right for the company for safety reason.

Timothy Riley

There's a flip side to this whole discussion. What if a company deletes information damaging to it from an employee's personal iPhone3 who is about to be fired and plans to file a wrongful termination/hostile work environment lawsuit? The damaging information includes texts and e-mails to his district manager, regional manager and Human Resources department complaining of blatant anti-Semitism at 4 Persian Moslem controlled stores where he worked. The damaging information also includes a detailed complaint to HR of an incident where a swastika was carved into a notepad and thrown at him in a sales meeting chaired by a Persian Moslem Manager. I could go on. I am facing just this type of situation in a lawsuit about to be filed in California. My forensics experts have confirmed a complete but focused deletion of all data from the commencement of my client's employment until just before he was fired. They have also confirmed a selective deletion of photographs where my client recorded significant sales increases at each store to which he was assigned. I have gone up the chain at Apple and they have confirmed that everything that was done could have accomplished because the company entered it's e-mail address and IP number into the cell phone at the time of my client's hire. If I can prove who did this, it becomes spoliation of evidence. The problem seems to be identifying the culprit. Can someone tell me what type of electronic trail would be left both at the company's end and at Outlook's end (the Microsoft Exchange Server).

The comments to this entry are closed.