On December 11, 2013, Ontario's Information and Privacy
Commissioner, Dr. Ann Cavoukian, and TELUS released a new
whitepaper applying the principles of Privacy by Design to employee
owned devices in the workplace. The whitepaper, entitled "Bring Your Own Device: Is Your Organization
Ready?", sets out a five-step process for developing and
implementing a BYOD program. Those steps are:
Step One: Establishing Requirements –
End-User Segmentation. This involves identifying user
Step Two: Technology Alignment and Device
Choice. This involves aligning permitted devices to user
needs and operational considerations, as well as the level of
access permitted based on the device characteristics.
Step Three: Policy Development. In this step,
the organization is to develop policies and procedures governing
information security, monitoring, privacy, guidance on the use of
wifi, termination of employment and other issues engaged by
Step Four: Security. This step requires the
organization to evaluate existing and implement additional
administrative, technical and physical security controls to enhance
or maintain the security of the organization's IT
infrastructure and the integrity and privacy of personal
Step Five: Support. In this final step, an
organization to have a plan to support employees, including with
respect to lost or misplaced devices.
There is one place where I might part company with the
Information and Privacy Commissioner's Whitepaper. In my view,
a BYOD policy is insufficient to address the complexities of
managing security and privacy expectations and the cooperation
required by employees and information technology and security
Last month, I had the pleasure of speaking on a panel with JoAnn
Sochor, AVP Social Media Compliance at TD Financial Group, and
Nyree Embiricos, counsel at Amex Bank of Canada regarding social
media and BYOD in financial institutions.
In our presentation, I strongly recommended an annual User
Participation Agreement that sets clearly the rights and
responsibilities of the user and the employer. Below, I've
included the text of my presentation slides and some of the slides
setting out a framework of issues to be addressed in a BYOD User
Dentons is a global firm driven to provide you with the
competitive edge in an increasingly complex and interconnected
marketplace. We were formed by the March 2013 combination of
international law firm Salans LLP, Canadian law firm Fraser Milner
Casgrain LLP (FMC) and international law firm SNR Denton.
Dentons is built on the solid foundations of three highly
regarded law firms. Each built its outstanding reputation and
valued clientele by responding to the local, regional and national
needs of a broad spectrum of clients of all sizes –
individuals; entrepreneurs; small businesses and start-ups; local,
regional and national governments and government agencies; and
mid-sized and larger private and public corporations, including
international and global entities.
Now clients benefit from more than 2,500 lawyers and
professionals in 79 locations in 52 countries across Africa, Asia
Pacific, Canada, Central Asia, Europe, the Middle East, Russia and
the CIS, the UK and the US who are committed to challenging the
status quo to offer creative, actionable business and legal
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances. Specific Questions relating to
this article should be addressed directly to the author.
On Thursday, September 22, 2016, Dentons hosted a panel discussion about the management of liabilities and risks associated with environmental crises, including potential liabilities for directors and officers and provided insight into risk and liability techniques associated with environmental crisis management.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).