Tag Archives: privacy

Courts and Lawyers: Gauging the Level of Technical Knowledge

Like many people, I make a lot of assumptions.  Lately, I have made a lot of assumptions about people’s level of knowledge when it comes to cyber security and technology.  This is likely due to my background and training.  If you work in the IT or cyber security or related areas chances are you also make a lot of these assumptions as well.

Recently I learned that the level of knowledge regarding cyber security and technology amongst the legal profession is not as high as I had assumed.  This is not a knock on my colleagues in the law profession, but my failure to avoid making assumptions.  For instance, when emails are offered into evidence their authenticity must be established, but does this include whether the email address is genuine and was not spoofed, the content is original and was not altered, the date and time was not altered, the location of where the mail was accessed if webmail; how webmail works, where the servers are located, the meta data of messages, etc.  Example: if one party offers emails to prove a point about their opponent and the offering party had not been given access to the email account, the question should be raised as to where the emails came from and whether they constitute evidence of a crime; e.g. was the email account hacked?

This is not unique to email but would apply to social media accounts as well.  Many people today do not realize how easy it is to fake, alter and manipulate Online or E-accounts.  Certainly the legal profession must be provided the training and information to know the right questions to ask regarding the authenticity of evidence.

Technology and the Workplace: BYOD

The latest buzz word or acronym around the water cooler is BYOD or bring your own device. Use of mobile devices has sky rocketed over the last year with the iPhone, iPad, tablets, Android, etc. Everyone wants the latest and the greatest. But, who wants to carry around two devices, the company’s and your own? Even if you don’t mind carrying the extra device, how many man-hours do employers lose when employees are exploring and surfing their new mobile devices at work?

It may be better, depending on the business, to just allow employees to use their personal devices for work. This issue is similar to the controversy over whether to allow employees to use social media. On that one, cat’s out of the bag. They are. So put a policy in place to set parameters to benefit and protect the company. But BYOD, whoa, how many privacy, security and legal issues does this generate? A lot!

As an employer, what can you do? Again, put a policy in place and do it now. Don’t just throw something together piece meal as you go along, do it right.

Now, this may sound a little self-serving, but, commonsense dictates having it drafted by a lawyer who is familiar with the technology, privacy, and other issues to ensure your company is protected, and consequently so is the employee.

The policy or policies need to address questions such as can you monitor the personal device; implement encryption; require anti-virus; tracking, secure wipe; use of passwords; etc.? The answers, by the way, are yes, yes, and yes.

Best plan is to have a monitoring policy and a mobile device use policy, or BYOD policy, and give employees the option: “if you wish to use your personal device at work you must agree to the terms of the policy.” The alternative would be to use the company device, aka “the brick”, if they are not willing to accept the terms.

Bottom line: a well thought out and well drafted policy or policies are the key! Watch for the next installment of “Technology and the Workplace.”