Blogs

I find myself reading an article this morning titled “Court: No warrant needed to search cell phone”, posted by Bob Sullivan on MSNBC’s the Red Tape Chronicles and wondering how ECM, ERM, content security and disposition would play into the scenario presented. In short, the story is about how in California, if you are arrested, the police have the right to seize and search your cell phone without a warrant. The premise is that it is part of your personal belongings and as such it can be searched as would other articles like cigarette packs and your clothes. Any information or data uncovered in this search can then be used against you. Mr. Sullivan cites a case where the defendant was arrested on drug charges and then brings up a good point raised by Mark Rasch the former head of the Justice Department’s computer crime unit that if this law allows search of cell phones would it or could it then be applied to other devices like your laptop PC?

Not being an attorney, I will not speculate on how this law works nor will I dive into the discussion on professionalism in the workplace, but it does bring to mind a what-if scenario. What if an employee is arrested for some reason and had in their laptop with them as well as their cell phone. Using the example above, it is possible that law enforcement officials could search the content of those devices as well as thumb drives and any other storage device in the employee’s possession at that time and without a warrant. If that employee happens to work in an environment where information is of a sensitive nature, what kind of information could be exposed to “unauthorized” persons and what are the potential risks to the employer?

In my view, this all points back to proper governance and the way an organization manages, secures and disposes of information. Hopefully you will not be faced with this situation, either in your own personal life or as a member of management but I think it is something that needs to be considered. Do you have employees who carry laptops with business critical information on them? Do you have employees using their cell phones to conduct business through email and text messages? How is this information protected on these devices and what are the rules over their appropriate use? Do you use security measures like passwords and encryption to protect any and all information relevant to your business? Would your current governance policies and practices meet compliance guidelines for your industry if a situation like this were to arise? Governance is a serious issue and can be challenged in many different ways, this scenario being one. The time to prepare and establish sound governance policies is now not when a potential risk is at hand.

If you are ready to prepare but not sure where to begin or what to do next, seek professional assistance and/or training to get you started.

What say you? Do you have a story to tell? What are your thoughts on this topic? What is on your mind? Do you have a topic of interest you would like discussed in this forum? Let me know.

Bob Larrivee, Director and Industry Advisor – AIIM

Email me: blarrivee@aiim.org   

Follow me on Twitter – BobLarrivee

www.aiim.org/training