Blogs

Mobile Madness, Part 2

By Helen Streck posted 03-01-2012 21:29

  

This blog was co-authored by Scott Murchison, Vice President, RIM Services, Kaizen InfoSource.  In one of our past blogs, we talked about the advent of mobile devices for storing and communicating information within the organization, but before we can talk about using mobile technology to access and manage content, it’s important to understand who owns the data being accessed and what the privacy and security ramifications are for utilizing these critical tools in information governance. 

As the Quon v. Arch Wireless case illustrates, there is no reasonable expectation of privacy in the use of mobile devices in the workplace, at least in the public sector. It is important that your policy reflect this new reality. Employees should know that what they say and do on mobile devices belongs to the organization and that they may not have an expectation of privacy if they also utilize this same technology to discuss personal/private information. In Quon case, the officer was texting racy messages to his spouse…and another person. His records were subpoenaed and the truth was revealed by his employer, the Ontario Police Department. He sued for invasion of privacy and won; however, the Supreme Court of the U.S. recently overturned that decision, thus establishing that there can be no ‘reasonable’ expectation of privacy when using company-issued equipment to discuss personal business.

As Officer Quon discovered, his personal conversations via texting were not protected from scrutiny by his employer. When he refused to allow access to the data, his employer went to the third-party carrier, Arch Wireless, and subpoenaed the information from them. If they had the information, they had to produce it, which they did. This hasn’t been adequately tested in the private employment arena yet, but you can bet it is coming.

As mentioned in Part 1, managing information includes: defining what is a ‘record’, identifying the sensitivity of information, protecting information, information use, managing retention, and classifying the information according to a file plan. It now also means informing employees about who owns the information, namely the company. If you allow employees to use their own smartphones and personal equipment to access and manage information, they should understand that their own information may be subject to, at least, viewing by their employer if the company information from that personal device is ever subpoenaed.

 



#ElectronicRecordsManagement
0 comments
10 views

Permalink