What's on your E RADAR?
Using personally-owned devices at work
Will Roebuck
Founder and CEO, E RADAR
4 Themes
●   Data Access
    ●   What data, when, how and by whom?
●   Device Risk
    ●   Abuse and misuse, malware, bypassing in-house security
●   Management Risk
    ●   Monitoring threats, responding to alerts
    ●   Evaluating new operating systems and devices
●   Awareness
    ●   Staff policies and procedures
Important Points
●   The 'bottom line'
●   Corporate and personal liability
●   Digital evidence
●   Misuse of personal devices
●   Monitoring networked communications
●   Workers and personal data
●   Stored networked communications
●   Implementing a policy
The 'Bottom Line'
●   Enterprise, innovation and competition
●   Balancing supply and demand with risk management
●   Deploying resources carefully
●   Smarter business management
    ●   Developing and using the right people skills
    ●   Improving business processes; supply and demand chains
    ●   Opening up new markets
●   Investment in enabling technology
●   Enabling laws and regulations, standards
Corporate and personal liability
●   Legal and regulatory requirements
    ●   Registering, filing and retaining records and information
         –   e.g. Company Annual Returns / VAT Returns
         –   e.g. Notifying under Data Protection / WEEE record retention
●   Vicarious liability
    ●   Duty of 'reasonable' care towards employee
    ●   Prevent improper or illegal activities over business systems
●   Personal liability
    ●   Directors failing to undertake duties implied by law or as
        additional duties in their contract
Evidence – basic concepts
●   Evidence (in legal terms) is the way that a fact is proved or
    disproved in a court or tribunal.
    ●   Law of evidence regulates what is admissible in a court of
        law or tribunal
●   An organisation may need evidence for
    ●   Dealing with claims of unfair dismissal of employee
    ●   Proving IPR on invention
    ●   Proving existence of agreement in disagreement with a
        customer
Types of evidence
●   Oral testimony
●   Real evidence in material form (e.g. documents)
    ●   Primary = signed original contract
    ●   Secondary = unsigned draft of that contract
●   Electronic evidence (primary or secondary)
●   Hearsay
    ●   Evidence given by a person as to what another person said
    ●   Less reliable than first person account but admissible
    ●   Rules much tighter in criminal cases
Burden and standard of proof
●   Civil cases
    ●   Burden of proof is with claimant
    ●   Defendants may also need to prove something in case to
        rebut accusations
    ●   Standard of proof is 'balance of probabilities'
●   Criminal Cases
    ●   Burden of proof is with prosecution
    ●   'Beyond reasonable doubt'
Digital evidence
●   Evidence in electronic format is admissible
    ●   Electronic Communications Act 2000
    ●   Civil Evidence Act / Youth Justice and Criminal Evidence Act
●   Documents can be copied onto own personal devices
●   Technology neutral
Admissibility, weight and credibility
●   Digital evidence may be legally acceptable but may not be
    admissible.
●   Admissible document must be sufficiently relevant
●   Court must decide and may give different weight to primary
    or secondary evidence
●   In civil cases, evidence usually presumed admissible
    without further proof
●   British Standards Code for Legal Admissibility and
    Evidential Weight of Information Stored Electronically.
Misuse of Personal Devices
●   Abuse and misuse (Illegal, illicit or wrong)
    ●   Defamatory remarks
    ●   Breach of confidentiality
    ●   Using and abusing copyright without permission
    ●   Negligence in sending viruses to other businesses
    ●   Sexual or racial harassment
●   Criminal Offences
    ●   e.g. downloading child pornography
    ●   Other illegal images
Monitoring Communications
●   Right to privacy – even at work
●   Regulation of Investigatory Powers Act 2000
●   Lawful Business Practice Regulations 2000
    ●   Inform monitoring for lawful business purposes
    ●   Quality, training and security
●   How do you 'monitor' remote workers?
    ●   Blanket monitoring of employees not acceptable
    ●   Must be justified
    ●   Other alternatives?
Data protection
●   8 data protection principles
●   Principle 7 – adequate security measures
●   Principle 8 – international transfers
    ●   Cloud computing
    ●   Where is the personal data held?
    ●   Information Commissioner's Guidance
●   Sensitive personal data
    ●   Encryption
Retention, deletion and retrieval
●   Organisations must still have the evidence in order to rely upon it!
●   Information management policy covering
    ●   Retention, access and exchange (including security),
        deletion and retrieval
●   Why a policy?
    ●   Business (cost, time and risk management)
    ●   Legal (e.g. accounting records = 6 years, criminal penalties)
    ●   Regulatory (FSA Rules, Food Standards, etc.)
Key observations
●   3 important elements
    ●   Managing IPR including data, information and proprietary
        software
    ●   Controlling worker behaviour
    ●   Security
●   Appropriate policies
    ●   Linked to the employment contract to enable disciplinary action
    ●   Otherwise just a management policy
●   Don't panic – get on with your business!
About eradar.eu™
●   Championing enterprise and the online economy
    ●   Promote enabling legal and regulatory environment
●   Business networking and compliance hub
    ●   Membership Services (over 400 briefing papers/articles)
    ●   Referencing
    ●   E-contracting Legal Group
●   Premium tracking and scrutiny
●   Audits and training
Thank you!
will@eradar.eu
http://www.eradar.eu