As the line between work and home becomes increasingly blurred,
the federal, British Columbia and Alberta privacy commissioners
have issued joint guidelines to help
organizations reduce the risks of privacy breaches with respect to
employers' data accessed from employee-owned devices (EODs),
while also securing employees' privacy rights regarding any
personal information stored on EODs.
The guidelines, issued on August 13, 2015, apply to all types of
EODs – that is, all desktops and mobile devices, such as
smartphones, tablets and laptops – used to access corporate
data, emails, communications, applications and other processes and
information, and intend to address issues pertaining to: (i) risk
assessment; (ii) acceptable uses of EODs; (iii) corporate
monitoring and app management; (iv) the sharing of EODs; (iv)
connection to corporate servers; (v) responsibility for security
features; (vi) software updates; and (vii) voice or data plans.
The guidelines also emphasize that organizations' BYOD
programs should provide for restriction with respect to: (i) cloud
services, (ii) devices and operation systems; and (iii) information
that can (or cannot) be stored on EODs. Likewise, the guidelines
stress that such BYOD programs should address a number of issues,
including: (a) users' responsibilities; (b) acceptable and
unacceptable uses of EODs; (c) access and security requirements;
and (d) sharing of EODs with family and friends.
Finally, the guidelines indicate that although BYOD programs can
be part of an organization's cost reduction strategy, using
EODs to carry out both personal and business functions may
introduce privacy and security risks that could impact both
personal and corporate information. Accordingly, in addition to the
foregoing, the guidelines set out a series of considerations to be
taken into account, such as: (i) implementing mobile device
software to manage EODs that connect to the corporate network and
effecting proper authentication measures; (ii) signing, with each
EOD owner, an agreement providing for the administration activities
that can performed on the EOD by the organization; (iii)
considering partitioning each EOD into two compartments; (iv)
implementing encryption, storage and retention procedures; (iv)
addressing vulnerabilities and malware protections; and (v)
providing adequate training for all IT professionals and users.
Norton Rose Fulbright Canada LLP
Norton Rose Fulbright is a global legal practice. We provide
the world's pre-eminent corporations and financial institutions
with a full business law service. We have more than 3800 lawyers
based in over 50 cities across Europe, the United States, Canada,
Latin America, Asia, Australia, Africa, the Middle East and Central
Recognized for our industry focus, we are strong across all
the key industry sectors: financial institutions; energy;
infrastructure, mining and commodities; transport; technology and
innovation; and life sciences and healthcare.
Wherever we are, we operate in accordance with our global
business principles of quality, unity and integrity. We aim to
provide the highest possible standard of legal service in each of
our offices and to maintain that level of quality at every point of
Norton Rose Fulbright LLP, Norton Rose Fulbright Australia,
Norton Rose Fulbright Canada LLP, Norton Rose Fulbright South
Africa (incorporated as Deneys Reitz Inc) and Fulbright &
Jaworski LLP, each of which is a separate legal entity, are members
('the Norton Rose Fulbright members') of Norton Rose
Fulbright Verein, a Swiss Verein. Norton Rose Fulbright Verein
helps coordinate the activities of the Norton Rose Fulbright
members but does not itself provide legal services to
The content of this article is intended to provide a
general guide to the subject matter. Specialist advice should be
sought about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).