I was contemplating writing about information security today in reference to the news story about how some of the confetti used at the Macy’s Thanksgiving Parade contained personal information that was shredded by the Nassau County Police Department, but that would be too obvious. Instead, I will focus on another area of challenge in the world of information management and that is the cell phone or even more challenging, the Smartphone.
In a New York Times article today titled “Courts Divided Over Searches of Cellphones”, there are many instances presented where the courts in various States are inconsistent in their approaches to the search of cell phone information. Not only are they inconsistent in whether or not a warrant is required – California says if it is on the suspect at the time of arrest a warrant is not needed – there is also inconsistency as to what type of information is allowed to be recovered. The information in question includes geographical location, business information, text messages and even information posted to social media sites from the phone.
This week, it is expected that a Senate Committee will begin a review to update the Electronic Communications Privacy Act of 1986 with consideration of an amendment dealing with the requirement of a warrant to search email. It is also anticipated that this same group of individuals may begin to investigate the topics of privacy and search related to cell phone information. In any case, it is very clear that inconsistent interpretation on a State-by-State basis is the norm for the moment and it will likely stay that way for the near future.
In my view, while many organizations should have nothing to fear relating to business use of cell phones, there is the question of what these devices are being used for in a personal sense. If you issue a corporate cell phone to employees and allow personal use as well, should you then put into place a policy and governance over their use? It is your device after all, and while there is an implied sense that the employee should not do anything that could bring negative results for your organization, you may want to consider developing, distributing and getting acknowledgement that certain expectations exist. There are some organizations today that disallow personal use of company issued cell phones at any level if the device is provided to the employee by the company, requiring the employee to carry a separate device for personal use.
The question is yours to answer in relation to your organization but it is one that I strongly suggest you consider. Put it in this context, your employee is arrested and the cell phone confiscated belongs to your company. As a result, any and all of the company information residing on that device, including that which may be if a confidential or sensitive nature is now exposed to individuals who do not normally have the right to see it. What could you do to prevent it or at minimum, protect your company's information assets?
If you are ready to move forward and are finding yourself stuck or unfocused and are not sure where to begin or what to do next, seek professional assistance and/or training to get you started. Be sure to investigate AIIM's Enterprise Content Management training program.
And be sure to read the AIIM Training Briefing on ECM (authored by yours truly). Click on the image to download and read.
What say you? Do you have a story to tell? What are your thoughts on this topic? Do you have a topic of interest you would like discussed in this forum? Let me know.
Bob Larrivee, Director and Industry Advisor – AIIM
Email me: blarrivee@aiim.org
Follow me on Twitter – BobLarrivee
www.aiim.org/training
#InformationGovernance