Whether tablets or smartphones, mobile devices are always by our side, said Steve Wu of Cooke Kobrick & Wu in Los Altos, Calif. “Consumer technology is driving what’s happening in business,” he said.
For example, banks are now technology companies as well, said Damier Xandrine, senior counsel at Wells Fargo Bank, San Francisco. Banks are expected to be available via mobile devices and for online bill payments.
The multiplicity of devices has led to the ubiquity of information, said San Francisco litigator Joseph M. Barton. “Electronic evidence can be generated all the time,” he said. “This automatically means you’re involved in cloud issues. How do I get information and authenticate it? How do I use it?”
The cloud, he explained, is a computer server or servers in a location other than where the primary business is. “It’s taking information and moving it off site and putting it on a server accessible by the Internet,” Barton said.
With mobile devices, he said, there is an expectation of privacy. But smartphones, for example, are essentially GPS devices that collect information about you and what you’re doing. If necessary, he said, law enforcement can surveil everywhere you go. “There is a tension between your expectation of privacy and law-enforcement needs,” Barton said. “There will be more cases to flesh this out. What is the expectation of privacy that a citizen has?”
Smartphones, in particular, present a complicated security landscape, said Lucy L. Thomson, a solo practitioner and tech consultant in Alexandria, Va. “Millions of personal records are lost or stolen every year,” she said. “Mobile devices can have malware, and once it’s on your phone, hackers can steal data on the phone.”
“Bring your own device” policies are a top concern among corporations, Wu added.
Although BYOD is an appealing concept, it can put data at risk, Thomson said. She cited medical records on personal devices as one example. “There are different levels of vulnerability depending on the device,” she said. “Android devices tend to be more vulnerable.”
BYOD is not for every organization, Wu said. “Every organization should do a risk analysis” to determine whether it’s a good choice, he said. “Sometimes reputational risk is too great, and perhaps there are only certain parts of the company that are BYOD.”
The lack of privacy policies is a critical problem, Barton said. “Companies are implementing BYOD and they don’t have a BYOD policy,” he said.
Sometimes just because a competitor is doing something doesn’t make it the right choice for you, Xandrine said of BYOD.
It’s key to plan in advance your mobile program and evaluate it, Wu added.
The panel was moderated by Ruth Hill Bro of Chicago, who has focused her legal career on advising companies on privacy and information management strategy, global compliance, the electronic workplace and e-business. The program was sponsored by the ABA Section of Science and Technology Law.