您现在的位置: 纽约时报中英文网 >> 华尔街日报中英文版 >> 职场 >> 正文

准备离职?当心你的手机数据

更新时间:2014-2-18 13:29:56 来源:华尔街日报中文网 作者:佚名

Leaving A Job? Better Watch Your Cellphone
准备离职?当心你的手机数据

In early October, Michael Irvin stood up to leave a New York City restaurant when he glanced at his iPhone and noticed it was powering off. When he turned it back on again, all of his information -- email programs, contacts, family photos, apps and music he had downloaded -- had vanished.

The phone looked 'like it came straight from the factory,' said Mr. Irvin, an independent health-care consultant.

It wasn't a malfunction. The device had been wiped clean by AlphaCare of New York, the client he had been working for full-time since April. Mr. Irvin received an email from his AlphaCare address that day confirming the phone had been remotely erased.

As more companies allow and even encourage employees to use their own phones and tablets for work activities, often referred to as 'bring your own device,' or BYOD, an unexpected consequence has arisen for workers who have seen their devices wiped clean -- remotely and with little or no advance warning -- during or after employment by firms looking to secure their data. Twenty-one percent of companies perform remote wipes when an employee quits or is terminated, according to a July 2013 survey by data protection firm Acronis Inc.

Joel Landau, AlphaCare's chairman, declined to confirm whether Mr. Irvin's phone had been erased. He provided a copy of AlphaCare's BYOD policy, effective as of July, which includes a reference to remote wiping. Mr. Irvin said he was never given a copy of the policy.

Phone wiping is just another example of the complications that emerge when the distinctions between our work and personal lives collapse. Employers increasingly expect workers to be available 24/7 but don't always provide company equipment to make that possible, leaving workers in a bind: Expose themselves to losing personal information when a phone is erased, or refuse to use a personal device and risk looking disengaged.

The practice hangs in legal limbo at the moment, say employment lawyers and privacy advocates, thanks to the inability of legislation and case law to keep pace with innovation. The Society for Human Resource Management in November warned its members that phone wiping 'will likely be tested through the courts in the days and months ahead.'

If erasing a phone is necessary from a data-protection standpoint, employers should give workers advance notice so they can back up personal information, said Lewis Maltby, founder of the National Workrights Institute, a nonprofit group that monitors workplace issues, including privacy. Instead, many are simply 'following the path of least resistance without thinking about the consequences' for employees.

Many employers have a pro forma user agreement that pops up when employees connect to an email or network server via a personal device, he added. But even if these documents explicitly state that the company may perform remote wipes, workers often don't take the time to read it before clicking the 'I agree' button.

Phone wiping has become the most common complaint received in recent months by his organization, Mr. Maltby said.

Philip Gordon, chairman of employment law firm Littler Mendelson's Privacy and Background Check group, has heard from two clients whose ex-employees complained after their devices were erased, each demanding compensation.. (In one case, the employee had lost photos of a relative who had died.). Though neither pressed charges, Mr. Gordon expects legal remedies for workers may be found under state computer-trespass statutes, which were originally designed to prosecute hackers.

A former employee of Hopkinton, Mass.-based cloud-computing firm EMC Corp. who requested anonymity, said his phone was wiped a few years ago after he was terminated for not hitting sales quotas. The employee started the job without a smartphone, and EMC didn't provide one, but he said he was missing late-night notices of meeting changes and other important information, so he purchased an Android device.

On midnight of the day he was terminated, the phone went blank. 'I was completely surprised,' he said. 'I know it's so they can protect their data assets, but if that's such an important policy, we shouldn't be mixing business with personal.' He has no memory of signing a release or user agreement, though he concedes that a dialogue box may have appeared when he first connected to EMC's server 'and like everyone else, I was like 'OK, check.''

In a statement, EMC declined to comment on individual personnel matters but said it doesn't, 'as a matter of standard practice, remove personal information from departing employees' personal cellphones.'

Since the BYOD trend started gaining momentum about two years ago, most large companies have adopted mobile device management systems to cover the expanding number of tech products that workers tote around, said Lawrence Pingree of technology research firm Gartner. The latest versions of the software allow IT staff to surgically remove work-related material from a smartphone or computer, a feature that is becoming a best practice in the field, he said.

Mr. Gordon of Littler Mendelson counsels clients to have a BYOD user agreement that tells employees what will happen to their phones if they separate from the company. 'If the employer is deliberate about letting employees use their personal devices for work, they can eliminate the risk,' he said.

And employees, he added, should back up devices regularly to a cloud program or personal computer. That can still create data protection issues for employers, and companies should forbid workers from backing up corporate data -- or at least have a policy saying that. 'Whether or not people will follow that policy is hard to say,' he said.

10月初的一天,当独立医疗顾问迈克尔·欧文(Michael Irvin)起身准备离开纽约一家餐馆时,他瞥了一眼自己的iPhone,发现iPhone正在关机。当他重新开机时,包括email程序、联系人、家庭照片、手机应用和他下载的音乐在内的所有信息都不见了。

欧文说,手机看上去“和直接出厂时一样”。

这并不是手机故障,而是手机数据被他从4月份开始全职服务的客户AlphaCare of New York进行了远程清除。欧文当天收到一封来自他AlphaCare地址的电子邮件,确认手机数据已被远程擦除。

如今有更多的公司允许甚至鼓励员工用自己的手机和平板电脑办公(通常被称为“自带设备办公”或BYOD),一种意外后果也随之产生。员工会发现自己设备上的信息在工作期间或离职后被寻求保护数据的公司全部清除(远程操作,而且几乎或者根本没有提前警告)。数据保护公司Acronis Inc 2013年7月份的一项调查显示,21%的公司会在员工辞职或者被解雇时进行远程清除。

AlphaCare的董事长乔尔·兰多(Joel Landau)拒绝确认是否清除了欧文的手机信息。他提供了一份有关AlphaCare BYOD政策的文件,该政策从7月份开始生效,其中包括涉及远程清除的规定。欧文说,公司从未向他提供该政策相关文件。

清除手机数据只是工作与个人生活界限消失过程中出现的又一道难题。雇主越来越多地期望员工能全天候待命,但又不是总能提供必要的公司设备,于是让员工陷入两难境地:如果手机数据被清除,会有丢失个人信息的风险,而拒绝使用个人设备又会让人感觉自由散漫。

劳动法律师和隐私权倡导者称,由于立法和判例法没能跟上创新的脚步,这种做法目前尚处于法律的灰色地带。美国人力资源管理协会(Society for Human Resource Management) 11月份警告其成员,清除手机数据之举“今后一段时间可能会在法庭上接受考验”。

美国工作权利学会(National Workrights Institute)创始人刘易斯·莫尔特比(Lewis Maltby)表示,如果从数据保护角度来说有清除手机信息的必要性,那么雇主应该提前告知员工,好让员工备份个人信息。但许多雇主只是“按阻力最小的方式来,而不考虑给员工造成的后果”。美国工作权利学会是一家监控隐私权等职场问题的非盈利组织。

他补充说,许多雇主都有一个形式上的用户协议,该协议会在员工通过个人设备连接到电子邮件或网络服务器时弹出。但即使这些文件明确声明公司可能会采取远程清除,员工通常也不会在点击“同意”按钮之前花时间细看。

莫尔特比说,清除手机数据已成为他所在机构近月来最常接到的投诉。

劳动法律师事务所Littler Mendelson旗下隐私和背景调查(Privacy and Background Check)集团董事长菲利普·戈登(Philip Gordon)曾听两名客户说起过类似纠纷。这两家公司的前雇员曾在设备数据被清除后进行投诉,每位员工都要求赔偿……(在其中一起案例中,员工丢失了一位已故亲人的照片)。尽管两起案例都没有正式起诉,但戈登认为也许可以根据州电脑侵入法规(原本是为起诉黑客而设计的)为这些员工找到法律救济。

总部位于马萨诸塞州霍普金顿(Hopkinton)的云计算公司EMC Corp.一位要求匿名的前雇员说,几年前,他因未达销售指标而被公司解雇时,他的手机数据被清除了。这名员工刚开始工作时没有智能手机,EMC也没有提供手机,但他表示,由于他会错过深夜发送的会议调整通知和其他重要信息,因此他购买了一台安卓(Android)设备。

在他被解雇当天的午夜,他的手机被清空了。他说:“这完全出乎我的意料,我知道他们这样做是为了保护数据资产,但如果这项政策如此重要,我们就不应该把工作和个人的东西混在一起。”他不记得曾与公司签署过免责或用户协议,不过他承认,当他首次连接EMC服务器时可能出现过一个对话框,他说:“和其他所有人一样,我的反应是‘好,划勾’。”

EMC发布声明称,公司拒绝就个别的人事问题置评,但该公司表示:“按照标准做法,公司不会从离职员工的个人手机上清除个人信息”。

科技行业研究公司Gartner 的劳伦斯·平格里(Lawrence Pingree)表示,BYOD趋势从大约两年前开始兴起以来,多数大公司都采用了移动设备管理系统,以管理不断增加的便携式科技产品。他说,最新版的软件允许IT员工从智能手机或电脑上有针对性地清除工作相关材料,这种功能正成为业界的最佳做法。

Littler Mendelson的戈登建议客户签一个BYOD用户协议,告诉员工如果离开公司,他们的手机会出现什么情况。他说:“如果雇主在让员工用个人设备办公时能慎重考虑,就能消除风险。”

他补充称,对员工来说,应该定期在云程序或个人电脑上对设备进行备份。但这仍会给雇主带来数据保护问题,公司应当禁止员工备份企业数据──或者至少制定相关政策。不过他说:“人们能不能遵守政策就很难说了。”

本文版权归道琼斯公司所有,未经许可不得翻译或转载。

相关文章列表