Fotolia

Manage Learn to apply best practices and optimize your operations.

Location-based mobile management raises employee privacy concerns

Tracking users' smartphones and tablets helps secure the devices and their data, but it also opens up a Pandora's box when it comes to privacy.

The use of geolocation and geofencing services can have serious employee privacy implications that business leaders and IT professionals should not ignore.

When an organization uses location-based mobile device management (MDM) to track smartphones and tablets, it has access to a wide range of intimate details about their users: the clinics they go to, the churches they belong to, the clubs they join, the stores where they shop. A company can gain insight into a person's sleep habits, politics, health and all sorts of behaviors.

That's not to say an organization is necessarily interested in this information. Most IT types care only that their resources remain safe. But the ability to monitor a device to collect and store location data is its own Pandora's box.

The risks of location-based MDM

Whether owned by the company or by employees, mobile devices are personal extensions of their users -- something they have by their sides day and night. This dependence can cause a dilemma for organizations trying to manage devices and trying to ensure corporate security. Even when the company owns the device, users have an expectation of privacy, and they cringe at the idea of Big Brother IT knowing their every move. If an organization does not tread carefully, it could face serious consequences.

Management needs to be careful about strong-arming workers.

When a company uses mobile geofencing and geolocation services in conjunction with MDM, it tracks the locations of its managed devices in real time and maintains a history of that information. This approach helps IT keep corporate data secure, either by finding lost devices (through geolocation) or by preventing data access from unauthorized locations (through geofencing). But with this kind of data collection, the possibility exists for personal information to be used for other purposes.

For example, someone in management might want to dig into an employee's political leanings or religious affiliations. Or a vindictive employee might access the data to threaten or discredit a co-worker.

If the data falls into criminal hands, users can face even more serious risks. An individual with less-than-honorable intentions can easily deduce when a user will be home, when that home will be empty, along with any number of other personal details.

Privacy laws in flux

Governments and federal agencies are taking notice of how much location data is being collected and how it's being used.

Last year, the Federal Trade Commission's Mobile Privacy Disclosures report encouraged developers to include privacy policies with their apps and obtain user consent before collecting location data and other sensitive information. Earlier this year, the European Union's Article 29 Working Party reiterated that organizations must be explicit about how it plans to use such data. And a bill working its way through the U.S. Congress would prohibit apps from collecting or storing location data without a user's informed consent.

It's difficult to say how the data privacy movement will affect location-based MDM in the enterprise. A company might require workers to consent to tracking in order to use mobile devices to conduct business. But management needs to be very careful about strong-arming their workers, especially if tracking them during off hours.

To date, laws in the U.S. have tended to favor employers, but most laws have not kept up with technology and can vary from state to state. In Europe, privacy laws tend to fall on the side of the employee. Yet laws related to privacy and technology are in flux everywhere, with much of these waters still being tested.

Protecting users and your business

Mobility is still relatively new in the enterprise, and it's made all the more complicated by the rapidly changing nature of technology. Organizations need to protect their resources, and location-based mobile device management can be a powerful tool. On the other hand, employees concerned about their privacy may end up resenting employers and lacking concern for protecting corporate resources -- not to mention the potential legal ramifications.

Whatever an organization does, the key is communication, backed up by clear and accessible policies, plus straightforward procedures for obtaining user consent whenever location data is collected. Above all, organizations must carefully protect and audit that data to ensure users' privacy cannot be compromised.

This was last published in December 2014

Dig Deeper on Enterprise mobility strategy and policy

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Should companies track users' mobile devices?
Cancel
Unless it's a company-given device, I don't think a company should track an employee's device because it does bring privacy laws into it. When an employee is off the clock, they shouldn't have to worry about using their mobile devices.
Cancel
If the device is company-owned, I think most smart employees would understand that there is likely to be some tracking of that device's data (and would maybe tailor their behavior accordingly). Part of the tradeoff of having a company pay for your phone/tablet is giving up some control of it. But there should be limits to what the company can access; containerization is one potential way to handle this and keep both company and personal data secure. 

With access to mobile devices, many employees are never truly "off the clock," so it's a challenging issue.
Cancel
If companies are going to track devices, then employees need to be very clear on that when they get the devices, and be able to make the choice on whether or not to take on the responsibility of managing company data via mobile.
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close