I saw that there was a recent case in Ohio, Lazette v. Kulmatycki, where a company was found in violation of the...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Stored Communications Act, or SCA, because it didn't adequately tell employees how it monitors communications on BYOD devices. What sort of BYOD monitoring details should we include (or not include) in our policy?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The case is quite interesting for IT administrators because it actually does not involve a BYOD device. Rather, it covers personal use of a company-owned device.
In this case, Sandi Lazette sued her previous employer, Verizon Wireless, after discovering that her former supervisor used the cached credentials on her company-owned BlackBerry to access her Gmail account after the end of her employment with the firm. Lazette believed that she had removed her personal email account from the device before turning it in, but she had not actually done so. She alleged that her supervisor used the device to access her account over the next 18 months, reading her email and sharing it with others.
In June, the court overruled a motion by Verizon to dismiss the case outright, clearing the way for it to proceed to trial. This does not yet mean that Verizon has been found guilty of violating the Stored Communications Act, but it certainly does serve as a warning to IT administrators in firms that allow the personal use of mobile devices.
It is clear that, any legal claims notwithstanding, having knowledge of someone's username and password does not provide the right to use that information to access an account. Firms worried about the potential for similar litigation by their employees should consider adopting a standard process used to clear account information from mobile devices before reassigning them to other employees. The most straightforward way to achieve this would be to systematically wipe all of devices' contents before transferring their ownership.
Dig Deeper on Information Security Laws, Investigations and Ethics
Related Q&A from Mike Chapple
A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach ...continue reading
The proposed CFTC regulations on cybersecurity testing are set to finalize in 2016. Expert Mike Chapple discusses the effects these regulations have ...continue reading
Whether Apple is a HIPAA covered entity was called into question when it advertised for a health regulations lawyer. Expert Mike Chapple discusses ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.