In many organizations, decisions about mobile technology are made primarily or exclusively by the IT and IT security departments working together.
All too often, there’s one department that’s left out of these discussions: the organization’s own legal team, and In-house Counsel. This omission is unfortunate. Legal counsel is familiar with laws, including the latest rulings about electronic discovery and data privacy, and others issues pertaining to liability and risks. Enterprises would be wise to consult in-house counsel when establishing employee policies about data confidentiality, BYOD, and use of mobile devices. There’s another reason, too, for consulting in-house counsel when mobile security policies are being formulated. In the unfortunate case that mobile technology leads to a data breach or regulatory violation, in-house counsel will likely end up spearheading the response. If the company’s legal team has the opportunity to offer guidance before a possible breach or violation occurs, then the opportunity for legal surprises is minimized.
In a series of articles for InsideCounsel Magazine (here and here), attorney and legal security expert Matt Nelson explains why inside counsel should be involved in mobile security decisions from the start. He makes the following points about legal issues and a mobile workforce:
Nelson’s advice for enterprises? IT teams should bring their In-house Counsel and legal teams to the table when defining security policies. Also any mobile security solutions should provide IT administrators and legal counsel with the ability to monitor, track, and retrieve data on mobile devices. In addition, mobile security solutions should guard against mobile malware and protect data on devices that are lost or stolen.
In my judgment, Nelson makes a solid case.