Despite the growing demand from employees to use one device for both personal and work life, and the increasing number of mobile device management solutions, organizations are still hesitant to implement bring your own device (BYOD) programs.
Despite then-VA Chief Information Officer Roger Baker’s 2012 prediction that within five or six years, the U.S. Department of Veterans Affairs (VA) will adopt BYOD, the VA does not plan to allow employees to use their own tablets or Smartphones at work until it resolves legal issues over access to personal data stored on the devices.
Acting CIO Stephen Warren said the VA does not plan to approve a BYOD policy until officials address whether inspectors general or other investigators have a right to personal information on personal tablets or phones. The VA needs to determine, “What are my rights as a private individual and what are my rights as a VA employee?” to both personal and public information stored on the same device, Warren said.
"If I have that device and it's mine, what are my rights as a private individual, and what are my rights and responsibilities as an employee, and how does that play with the information, if you will, on a dual-use device?" he said. "We actually haven't gotten a clean read on that."
BYOD brings privacy challenges for personal information. Employees are using the same devices for work to engage in personal computing – browsing the Web, personal e-mails, photos, chat histories, personally identifiable information, music, software, user names and passwords and financial account numbers are just some examples of the personal data that can be put at risk.
The U.S. Supreme Court considered this issue in the City of Ontario, California v. Quon, which involved a search by a city concerning an employee’s alleged use of the city’s device for personal texting both on and off duty. The key issue in front of the court was the extent to which a police officer had a reasonable expectation of privacy with respect to private messages sent and received on a city-owned device while on or off duty, and if so, whether the city’s search was unreasonable.
The line of privacy on devices used for work becomes blurry when the device is personally owned and it is known that personal and private activities are likely to take place on the device. The same types of monitoring used for company-issued devices on a company network may not be appropriate for BYOD.
The department took a big first step toward a BYOD policy by issuing a contract for a mobile device management system that has been delivered and is up and running, used with a number of pilots, including iPads that VA caregivers use. It also is looking to other federal agencies that are piloting BYOD for guidance, including Homeland Security, as well as the Federal CIO Council, which has been investigating BYOD issues.
The VA recently awarded contracts valued at $5.3 billion over five years to three companies, to provide desktop and laptop computers, tablets and network gear: Alliance Technology Group (News - Alert) LLC, Red River Computer Co., Inc., and Valador, Inc., for its
Commodities Enterprise Contract out of a field of more than 50 bidders.
Edited by Rory J. Thompson