Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Printer Friendly Version
When a client comes to you, they won’t usually say ‘Please can you explain the implications of the Svensson case to me?’; they are more likely ask ‘When is it lawful to link to other websites?’.
In Lexis®PSL IP & IT we have developed a series of Q&As that are typically scenario-based and phrased in terms of the question or conundrum a client will typically come to you with.
The LexisAsk service in Lexis®PSL delivers answers to typical and topical problems or issues that our customers face. The ‘best’ (ie most popular, interesting, relevant or topical) of these questions and answers are then modeled into a ‘Q&A’ style format, and published.
The purpose of a Q&A is to provide a quick overview of the relevant key considerations, together with links into useful information (from Lexis®PSL and LexisLibrary), allowing either a quick refresher or a starting point for deeper research.
You can also sneak a peek at the types of questions that other lawyers are asking (anonymised of course!)
Each month WIPIT will be fetching you a sample Q&A.
Against a backdrop of data security scares arising from increasing use by employees of their own devices, we respond to the query:
How do I develop a bring your own device (BYOD) policy?
1. Focus on the policy objective—protecting company information
The objective of a BYOD policy should be to ensure company information is adequately protected, while facilitating more flexible working by users. Any security measures adopted by the company as part of BYOD should only go so far as is necessary to achieve this objective and be proportionate, considering individuals' personal privacy.
2. Define who is covered by the policy
Limit BYOD to those users who it is desirable to allow to work in this way, eg allowing suppliers/partners/customers to connect to the company network using their own devices adds complexity and potentially increases risk. Give BYOD users access only to the specific company IT systems they need to use in this way, rather than the entire company network.
3. Specify the devices covered by the policy
Detail the relevant technical specifications for devices that can be used under BYOD. Outline any procedure for registering devices and implementing any security measures required before devices can be used to connect to work systems. Blacklist any non-permitted apps or activities (eg 'jailbreaking') that may interfere with functionality of company IT systems or pose a security risk.
4. Adapt depending on how company systems are accessed
If company information on company IT systems is accessed via a web portal and no local copy is saved on the user's device, the information security risk to the company is minimised and (apart from possibly initial set-up) there is generally no need for the company to access data on the user's device. Alternatively, if users can save company information onto their personal devices, stricter (and accordingly more intrusive) security protections may be needed.
5. Encourage users to separate their data from company information
If company data is saved on users' personal devices, direct users to implement appropriate protocols for filing company information separately from personal information. This minimises potential intrusion for the user and makes it easier for the company to identify and ringfence company information. Encourage users to regularly back up their data on personal devices, so this can be restored if necessary.
6. Be clear on what will happen if the device is lost or stolen or users stop working for the company
Identify clearly who in the company the user need to contact if a device is lost or stolen or if they cease to work for the company, and what will happen in that situation. Notify the user in advance if data wiping technology is to be used—use this only if there is no viable alternative, as generally it is not possible to selectively wipe company data, therefore user data will be lost as well.
7. Consider who is responsible for costs and support
Clearly set out who is responsible for the cost of repairs and service provider charges relating to the user's device—these may be shared proportionately on an agreed basis or specific costs may be allocated to one party or the other. Outline any obligations the company may have to support user devices, eg for connectivity issues at the company's end, restoring backed up user data after data wiping by the company, or downloading or updating company-prescribed software/apps on users' devices.
For Lexis®PSL IP & IT Subscribers, a checklist of issues to consider in a BYOD policy are outlined in precedent: Bring your own device (BYOD) policy and a more detailed discussion of the considerations and risks relating to BYOD is contained in Practice Note: Bring your own device (BYOD).
0330 161 1234