Who is legally liable for information on employee devices?

Tags:
BYOD Policy
Security

If illegal software and images are on a BYOD, who is liable?

I have been involved in some cases and this involves my background working with police and computer forensics investigations. It is very clear to me that company directors and IT Management and directors have got this very wrong. Look forward to your response.

Discuss This Question: 9  Replies

 
  • CharlieBrowne

    You say that Directors & IT Management have it wrong; but you do not say how they have it. So how can we refute it?

    My answer would be

    1. Who owns the device?

    2. Who loaded the illegal data on to the device?

    3. Where did they get it from?

    4. Why was it loaded on the device?

    The answers to these questions would need to be answered before you could determine liability.

    62,340 points
  • Kevin Beaver
    How do you mean? What are you trying to get at? Prove?

    What's the business risk? What regulations/laws have been violated?

    What's your role being involved with these cases?
    25,210 points
  • ToddN2000
    Are you facing a software audit to validate licensing? What is management's stand on the issue? Do they have a corporate policy on devices and software? Are they enforced? There are too many possibilities and not enough facts on what is going on to answer this properly. Can you provide some more detailed facts?
    95,450 points
  • Genderhayes
    That's why it's cyber liability; most companies have work devices that allow others to access company information.
    10,665 points
  • Kevin Beaver
    A couple more thoughts: There's no way to know who's "liable" unless and until our justice system works itself out.

    Furthermore, policies are arguably worthless because users are often out of the loop, they're not maintained, or (perhaps worst of all) they're not enforced. Wrote about this and more in the following piece:
    Policies don't get hacked so why do they get all the attention?

    Be careful!
    25,210 points
  • Jaideep Khanduja
    If these devices are working in an organization's environment, the responsibility to track, trace, and raise the alarm is the IT department's responsibility. Obviously, the person whose device carries unwanted software/information has to bear the penalty for violating the organization's policies.
    17,315 points
  • Kevin Beaver
    To @Jaideep's point, the employee is responsible to the extent that they know about the policy in the first place...many users are often completely out of the loop on these things.
    25,210 points
  • ToddN2000
    I agree with CharlieBrowne and Kevin. So many people don't follow the rules from what I have seen. The main reason is the companies don't take the proper steps to enforce the rules. They may have set device rules up in an employee handbook which I bet a lot of employees don't even read. I know companies could probably put a scare into some offenders by telling them it's time for an audit of their device if it's company owned and turn it in for review. Personally owned devices that connect would be a different issue. I don't think they would turn over their device to the company to see if it's running some application that may cause a system failure / security breach. I still don't think that is as big an issue as e-mail. We still have issues with employees connecting and opening a bogus e-mail and causing problems. Phishing scams and the like are getting so much more advanced in their subject line in baiting people to open them. The few I like I see a lot are "Problem with your UPS package" and "USPS Mail delivery hold request notification". In a business environment most click without giving it a thought.
    95,450 points
  • Kevin Beaver
    Here's a recent article I wrote on the fascination with - and addiction to - "policies" and why it just doesn't make sense:
    https://portal.iansresearch.com/content/3091/blg/beaver-policies-dont-get-hacked-so-why-do-they-get-all-the-attention
    25,210 points
