Personal Cellphone Privacy at Work

Employees’ expectations of privacy for the mobile devices they own and use for work don’t match up with reality, according to a survey of 2,997 workers in the U.S., the United Kingdom and Germany.

“The consistent trend [from the findings] was that the [mobile device] users underestimated what company data their employer could see and overestimated what personal data their employer can see,” said Ojas Rege, vice president of strategy for MobileIron, a mobile enterprise management vendor.

In fact, the online survey, conducted July 14-18, 2013, among randomly selected adults for the California-based company found that 41 percent of respondents are sure their employer can’t see any of the information on their devices, 28 percent believe that their company can’t see their business e-mail and attachments, and about 22 percent think their employer can see their work contacts.

According to MobileIron, a company can see the following information if it chooses:

• The device’s carrier (such as AT&T) and country.
• The make, model and operating system (OS) version, such as Windows 7.
• Device identifier, much like a vehicle identification number for a car.
• Phone number.
• Complete list of apps installed on the device.
• The device’s location.
• Battery level.
• Storage capacity and use.
• Corporate contacts (when the exchange server is the same as the PC’s).
• Corporate e-mail and attachments (when the exchange server is the same as the PC’s).

As far as seeing e-mail on personal devices used for work, Rege said it depends; iPhone users could have two accounts: a company account and a personal account, such as Gmail.

Otherwise, if employees use their devices to receive business e-mail, their employers can see that e-mail, too, he said.

The employer cannot see or access:

• Information in apps unless the app has been designed to transmit information to a corporate server.
• Personal e-mail and attachments.
• Texts.
• Photos.
• Videos.
• Web-browsing activity.
• Voice mails.

And while there was little variation among gender and countries, the survey did find generational differences in sensitivity to privacy concerns—workers ages 18 to 34 were “significantly less comfortable” about the data their employers could see on their devices than those over 55.

“It might be the older employees are more trusting of their employer, or their jobs are more secure, or they’re more careful” about the information they put onto devices they use for work, Rege theorized.

Having personal information on devices used for work can be a problem when an employee leaves, as the employer will want to delete any company-related information—that, in turn, could inadvertently wipe out the personal data.

“HR is absolutely going to be involved with IT and legal in drafting the user agreement with the employee,” Rege said. “In that user agreement the company does need to have the right to wipe the whole device,” and the employee will want to back up any personal information.

Transparency Builds Trust

A high percentage of employees own the devices they use for work—84 percent of respondents own the smartphone they use, and 82 percent own their tablet, the survey found.

But many don’t know what their employer can and can’t see on their mobile devices or why a business would need to see some of this information, Rege said, “because it hadn’t been communicated to them from IT or human resources.”

They may not realize that organizations are interested in seeing what apps are on an employee’s device because they want to know whether there are any rouge applications that could damage company data that’s on the device, he explained.

Transparency is the key to bridging the gulf between employee expectations of privacy and reality.

In fact:

• 26 percent of employees said the most important action organizations can take to increase workers’ trust is to explain in detail the purpose of viewing certain information on personal devices and how they separate personal content from work content.
• 20 percent would like their employer to ask their permission, in writing, before accessing anything on their personal device.
• 18 percent prefer written notification about what their company can and can’t see.
• 18 percent want employers to promise, in writing, that they will look only at company data on workers’ personal devices.
• 15 percent want a written request from their employer seeking permission before accessing anything on a personal device that’s not work related.

“In the traditional laptop world, IT controlled everything and they controlled every bit of software,” Rege said. “There wasn’t a bit of data that it couldn’t see and that it couldn’t monitor. But now, that’s not the model … it’s a partnership model. If it’s going to be a partnership, then the needs of the employee are really, really important in order to put together the right policies.”

Implications for HR

The use of personal mobile devices for work “is a cultural program as much as it’s a technology program in companies,” Rege said, “especially with the next generation of employees coming in; they need mobile technology to do their work.”

Closing the trust gap requires IT and HR to forge a partnership, he said. As the human resources team becomes aware of the goals of the company’s mobile initiatives, it can help explain to employees why the company wants access to certain information and can provide employees with more information about what the employer can and can’t see on personal devices used for work.

“Communication was the key here” in the findings, Rege noted. “If the company can become more communicative with the user about how [it’s] using the information on that device, the trust level of that user will grow tremendously.”

Kathy Gurchiek is associate editor for HR News.

Related articles:

Walk the Line on Employee Privacy, HR News, June 2013
U.K. Advises Employers to Develop ‘Bring Your Own Device’ Policy, SHRM Legal Issues, April 2013

Related resource:

Electronic Devices: Bring Your Own Device (BYOD) Policy, SHRM Templates & Samples