What are the legal implications?
Legislation such as the Privacy Act 1988, Archives Act 1983 and Freedom of Information Act 1982 can affect whether an organisation is able to implement BYOD in their environment and, if so, what controls need to be implemented to ensure all legal obligations can be fulfilled.
As BYOD can increase liability risk to an organisation, organisations will need to be ready to manage issues such as software licensing, inadvertent damage to an employee’s personal data, or expectations of privacy in the event of an investigation, Freedom of Information request or incident response activity.
What are the financial implications?
Organisations implementing BYOD may benefit from reduced hardware costs should employees pay for their own devices. However, there can often be an overall cost increase as a result of the need to support a variety of employee devices, manage security breaches or cover some costs associated with an employee’s device or its use.
What are the security implications?
There are a number of security implications associated with BYOD. For example, employee devices storing unprotected corporate information could be lost or stolen, or employees could use unapproved applications and cloud services to handle or store corporate information.
Organisations are also likely to have reduced assurance in the integrity and security posture of devices that are not corporately managed, as employees will often lack the knowledge and motivation to reduce risks associated with their devices.