Privacy and Legal Aspects of BYOD
On corporate computers and devices, CIOs might worry about employees putting corporate data in Dropbox or similar cloud apps and block the use of such file services via the corporate firewall. On a personal device, however, the end user has a legitimate, personal right to use Dropbox, so this control won't work.
The CIO can insist on installing MDM software so the company can wipe any data, read data, block applications, and even track location. The company may say that they can be trusted but should the end user accept this? After the Snowden leaks, employees are going to be wary of abuses of such technology and wonder what's to stop an administrator tracking the GPS of an employee, even outside of work hours on their private and confidential business.
CIOs and their teams also have to work out, ideally at the start of a BYOD program, what to do in situations where employee phones are included in legal information recovery procedures. If employees have to give up their BYOD phone, will all of their data, including personal emails and pictures, be seized? And what happens if the employee doesn't accept this and resets their phone, wiping all the data including the legally required company data?