LBS, DLP, BYOD, and Teleworking Policies
Monitoring policies must address location-based services (GPS on vehicles generally OK; tracking people themselves is more limited), data loss prevention (DLP) (powerful but privacy-invasive), BYOD (security risk plus monitoring limits on personal devices), and teleworking (home-network and household privacy issues). Each blurs the personal/professional line.
Location-based services (LBS): tracking company vehicles via GPS is generally permitted for business purposes during work hours with prior notice, but tracking employees themselves faces greater limits. Connecticut prohibits electronic monitoring without written notice ($500 first-offense civil penalty); California makes using an electronic tracking device to determine a person's location a misdemeanor.
Data loss prevention (DLP): combines security tools, employee training, and policies. Powerful endpoint features (keystroke logging, activating webcams, geolocation) raise serious privacy concerns; a privacy impact assessment is good practice.
BYOD shifts control to employee-owned devices, creating security gaps; the same monitoring used on work devices may be inappropriate for personal ones. Disclose monitoring and consider consent, minimizing exposure of private data. Teleworking blurs home and work: secure home networks, lock screens, shred confidential papers, and remember family members may appear on video.
The consumerization of IT (COIT) reversed the old adoption path: technology now often emerges in the consumer market first and is driven into the workplace by employees' personal devices and accounts.