Who is legally liable for information on employee devices?

5 pts.
Tags:
BYOD Policy
Security

If illegal software and images are on a BYOD who is liable.

I have been involved in some cases and this involves my background working with police
and computer forensics investigations.
It is very clear to me that company directors and IT Management and directors have 
got this very wrong.
Look Forward to your response. 

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • CharlieBrowne

    You say that Directors & IT Management have it wrong; but you do not say how they have it. So how can we refute it?

    My answer would be

    1. Who owns the device?

    2. Who loaded the illegal data on to the device?

    3. Where did they get it from?

    4. Why was it loaded on the device?

    The answers to these questions would need to be answered before you could determine liability.

    62,340 pointsBadges:
    report
  • Kevin Beaver
    How do you mean? What are you trying to get at? Prove?

    What's the business risk? What regulations/laws have been violated?

    What's your role being involved with these cases?
    24,510 pointsBadges:
    report
  • ToddN2000
    Are you facing a software audit to validate licensing? What is managements stand on the issue?  Do they have corporate policy on devices and software? Are they enforced? There are too many possibilities and not enough facts on what is going on to answer this properly. Can you provide some more detailed facts ?
    87,915 pointsBadges:
    report
  • Genderhayes
    Thats why its cyber liability most companies have work devices that allow others to access company informayion
    10,455 pointsBadges:
    report
  • Kevin Beaver
    A couple more thoughts: There's no way to know who's "liable" unless and until our justice system works itself out.

    Furthermore, policies are arguably worthless because users are often out of the loop, they're not maintained, or (perhaps worst of all) they're not enforced. Wrote about this and more in the following piece:
    Polices don't get hacked so why do they get all the attention?

    Be careful!
    24,510 pointsBadges:
    report
  • Jaideep Khanduja
    If these devices are working in an organization environment, the responsibility to track, trace, and raise alarm is IT department's responsibility. Obviously, the person whose device carries unwanted software/information has to bear the penalty for violating organization's policies.
    16,450 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: