New BYOD risk: Users leaving data on old devices

There’s one big BYOD question many companies will have to deal with at some point: What happens to corporate data on a personal device after a user trades it in for a new one? 

In many cases, the data on an old mobile device will still be available when it ends up in someone else’s hands, according to a new survey conducted by Harris Interactive and sponsored by mobile device management vendor Fiberlink.

Among respondents who had previously owned a smartphone or tablet that they used for work, only 16% had the data professionally wiped from the old device, and just 5% had the device professionally destroyed.

The majority (58%) kept the old phone or tablet but didn’t use it. However, according to the survey of 2,243 US adults:

  • 13% turned the old device over to their wireless service provider
  • 11% donated the gadget, gave it away, or threw it in the trash, and
  • 9% got rid of the old device in some other fashion.

In those situations, it’s possible the eventual new owner of the device could have access to personal and work-related information the former user left behind.

Add to the BYOD policy

Just as with PCs and other computing equipment, failing to properly wipe a smartphone or tablet could lead to sensitive data falling into the wrong hands. In addition to documents stored on the device, a smartphone or tablet could retain access to the users’ work email, allowing someone else to continue receiving new messages, too.

Fiberlink recommends users turn over both devices to their company’s IT department when they buy a new smartphone or tablet they wish to use as part of a BYOD program. That will ensure that an IT pro takes care of transferring corporate data from one device to another and wiping necessary information.

To make sure users are bringing in their old devices to have them wiped, IT departments should include a rule in the BYOD policy requiring people to do so. It pays to keep track of what devices users are currently bringing in — that way, if the same people bring in new devices they wish to connect, IT will know there’s an older device that needs to be decommissioned.

Of course, it’s also helpful to explain to users how failing to properly wipe an old mobile device can threaten their personal privacy and security, as well.