One of the key trends affecting CIOs' priorities at the moment is the proliferation of personal IT devices used for business purposes.

Many business users now have better access to technology at home than they do at work, so the pressure is increasing on IT departments to support the use of personal devices for work purposes.

The iPhone leads the way, although other Android-based smartphones, Windows laptops and the iPad are not far behind.

This trend leads to considerably more complexity for IT departments to manage but CIOs also need to grapple with the legal and regulatory issues raised by the use of personal devices for work purposes.

These include the possible loss or theft of enterprise data, software licensing implications, the potential loss of intellectual property, the impact on HR laws and difficulties meeting compliance requirements.

As a result, many organisations have specific policies designed to cope with the move towards a bring-your-own-device (BYOD) system of technology provision.

Data issues: The most obvious legal concern stems from the challenge of ensuring data security on non-company equipment, which primarily arises from it being harder to keep track of where data may actually be and the difficulty of policing the use of personal devices.


Companies need to grapple with scenarios such as what happens if an employee puts corporate data into a non-corporate supported location like Dropbox or stores data on a device which is also used by their family.

If there's a security breach, what's the appropriate corporate response? Is it really practical to take the position that corporate data cannot be stored on personal devices?

Most countries have laws which require organisations to ensure against the implications of losing sensitive data.

This becomes significantly harder if the device on which that data is stored is not owned by the enterprise itself.

Most organisations employ encryption as standard and deploy remote-wipe capability, but the challenges of the data privacy implications of a BYOD world are not to be underestimated.

Many organisations understand that users, and the content they generate and consume, vary in the level of information sensitivity.

As a result, the approach taken needs to be nuanced to deal with individual users and types of device.