Hillary Clinton is learning good BYOD policy the hard way. The former First Lady, Senator and Secretary of State (and presumptive Democratic front-runner for President in 2016) is taking heat for using her personal email server for State Department business during her tenure in that post—and possibly deleting official emails in the name of her privacy.
On March 10, Clinton held a press conference to talk about the controversy. Her statements hold valuable lessons for companies that have embraced BYOD.
“I opted for convenience to use my personal email account, which was allowed,” she said. “I thought it would be easier to carry just one device for my work and for my personal emails instead of two.”
Two BYOD lessons pop out right away:
1. Have a clearly defined policy for using personal email
Clinton claims that using personal email was allowed by the State Department. You probably already have a policy about whether employees may use personal email accounts for work purposes. Clinton's use of personal email servers is unusual, however, and you may need to address it specifically in your policy in case anyone is inspired to emulate her.
2. Make business email easy
Clinton's reluctance to juggle two separate devices is a fundamental motivation behind the BYOD movement. Whether the employer provides the mobile device and allows personal email to be used, or employees are allowed to use their personal mobile device for business purposes, it has to be easy to use the business apps or tools. When things start getting too complicated, users like Clinton opt for loopholes and workarounds instead.
3. Segregate personal and business data
Clinton also stated, “no one wants their personal emails made public, and I think most people understand that and respect that privacy.”
Clinton was defending why she chose to delete certain emails rather than providing the entire email server archive to the State Department.
Regardless of Clinton’s motivation, in a BYOD environment employees are engaged in both business and personal matters from a single device. The company has certain rights and obligations regarding the protection and archiving of business communications, and the company should have access to business data from the device. The employer should not, however, have access to personal files or communications from the device. Provide employees with a simple means of managing both business and personal communications from one mobile device without surrendering their privacy.
Bonus: State your BYOD policy clearly and often
Clinton's adamant statements that she was following the rules are also being picked apart by the pundits. However you decide to manage BYOD, communicate the policy effectively and often to employees, and enforce it.