I saw that there was a recent case in Ohio, Lazette v. Kulmatycki, where a company was found in violation of the...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Stored Communications Act, or SCA, because it didn't adequately tell employees how it monitors communications on BYOD devices. What sort of BYOD monitoring details should we include (or not include) in our policy?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The case is quite interesting for IT administrators because it actually does not involve a BYOD device. Rather, it covers personal use of a company-owned device.
In this case, Sandi Lazette sued her previous employer, Verizon Wireless, after discovering that her former supervisor used the cached credentials on her company-owned BlackBerry to access her Gmail account after the end of her employment with the firm. Lazette believed that she had removed her personal email account from the device before turning it in, but she had not actually done so. She alleged that her supervisor used the device to access her account over the next 18 months, reading her email and sharing it with others.
In June, the court overruled a motion by Verizon to dismiss the case outright, clearing the way for it to proceed to trial. This does not yet mean that Verizon has been found guilty of violating the Stored Communications Act, but it certainly does serve as a warning to IT administrators in firms that allow the personal use of mobile devices.
It is clear that, any legal claims notwithstanding, having knowledge of someone's username and password does not provide the right to use that information to access an account. Firms worried about the potential for similar litigation by their employees should consider adopting a standard process used to clear account information from mobile devices before reassigning them to other employees. The most straightforward way to achieve this would be to systematically wipe all of devices' contents before transferring their ownership.
Dig Deeper on Information Security Laws, Investigations and Ethics
Related Q&A from Mike Chapple
The FTC was granted authority in enterprise cybersecurity regulations. Expert Mike Chapple explains what this means for organizations.continue reading
PCI DSS is pretty specific about security, but does it do enough for mobile payment security? Expert Mike Chapple explains why he says yes.continue reading
The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.