With mobile devices such as laptops, smartphones, and tablets common in the workplace, employees personal social media and webmail content may invariably find its way onto devices and into the hands of employers. Employers must carefully consider the implications of personal data being accessible to company managers or IT personnel, and be sure that policies, training and protocols are established to reduce or eliminate risks.
Indeed, many corporations are embracing the "dual use" phenomenon. In policies for both company-owned equipment and bring your own" devices, the overarching goal is to facilitate employees effective and efficient use of time. Not long ago, employers and their counsel focused primarily on risks associated with accessing email, whether corporate or personal. But the explosion of mobile applications that users download onto smart devices has increased the challenges and risks. Today’s apps now can store or export data onto or from mobile devices, raising potential trade secret and data protection risks.
Another challenge is when employees download and install social media and personal webmail apps. Often, these apps automatically access and pull data from existing accounts onto the device. Consider, for example, a company-owned, dual-use smartphone where an employee installs both Facebook and Gmail apps. While using the device, the employee routinely accesses her Facebook and Gmail content from her smartphone via the app. However, she was only required to insert her login credentials for each app once. Thereafter, the app uses this constant login to update and refresh the personal social media and webmail content on the device. Assume also that the apps settings result in the phone receiving automatic alerts letting the employee know when she receives new emails or when there is activity on her personal Facebook page along with substantive information about such activity.
