• Join our Communities!

  • Twitter Updates

    Error: Please make sure the Twitter account is public.

  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors discretion.

Archiving To Help Solve BYOD

We have written before about the security, privacy, compliance and legal issues created by the Bring Your Own Device (BYOD) phenomenon.  And if BYOD seems difficult here in the US, it’s far more difficult in the EU with its stronger protection of personal data.  With BYOD, personal information is being mixed with corporate information on an employee-owned device, often with no real corporate oversight, creating all kinds of new problems.

The UK’s Information Commissioner’s office recently published guidance to assist organizations in dealing with BYOD concerns in the EU.  Of course, a main point is that having a clear and effective BYOD policy is a crucial step for any organization.  But one issue, along with its related advice, really caught our attention:

     “If copies of data are stored on many different devices. . . there is an increased risk that personal data will become out-of-date or inaccurate over time … [or] retained for longer than is necessary … [because] it is more difficult to keep track of all copies of the data.  Using devices to connect to a single central repository of data can help mitigate this risk.”   [Emphasis added].

Centralized archives, operating and retaining data according to company policies, serve this purpose.  For example, rather than having email (and attachments) stored on various email servers, in PST files and on devices for every custodian, it should be stored, maintained, accessed (and ultimately deleted) from a single instance email archive.  Each device can serve as a “window” to that centralized content so that it’s accessible as needed, and then deleted.  This avoids creating new instances of each message that are stored and managed for each individual device requiring access to the data.  And this same concept can be applied to documents from file systems, Sharepoint, even records management systems.

Not every organization will have to meet EU (or even EU-style) data requirements.  But centralizing and managing content is a solid best practice that will pay dividends no matter where you are located.

Advertisements

EU Juggernaut Germany Looks at Business Related e-Mail Different than from a Pure Privacy Perspective?

Tom Reding

Recently, the Higher Labor Court of Berlin-Brandenburg Germany ruled that an employer has the right to access and review an employee’s work-related e-mail during his / her absence from work.

The ruling makes it very clear that an employee’s rights to use the company’s e-mail system for private communications does not preclude the employer from reviewing an employee’s business related e-mail.

The circumstances behind this ruling were as follows:

  • The plaintiff (employee) could not work due to a long-term illness.
  • The employer was unsuccessful in locating the employee to get her consent, so that they  could access and read her business related e-mails, in order to respond to a customer’s request.
  • After several weeks, the employer circumvented the employee’s password, read and printed the employee’s business related e-mails.  (The employer did not read or print any e-mails labeled “private”.

The plaintiff (employee) requested a court order prohibiting her employer from accessing her e-mail account during any future absences without her explicit consent but, was unsuccessful in obtaining such an order.

The Higher Labor Court rejected Continue reading