In our FAQ article series, we have a look at the most frequently asked questions about mobile device management and data security. A common reason for rejecting a mobile device management system within the workforce is the fear that private data could be spied on. It is also often unclear how an MDM prevents data from being spied on by third parties. So in this chapter, we'll discuss privacy concerns related to an MDM.
1. Does the usage of a mobile device management system mean spying on employees?
Software that aims to restrict the way mobile devices are used, as a mobile device management does, is mostly viewed critically by the employees involved. Questions will naturally arise: can the software read my messages? Will calls be intercepted? If I'm not allowed to use certain apps, will the device even work?
There are probably many more questions - but we will answer the most important ones today. Let's take it step by step and shed some light on the subject.
Using an MDM is for management - not control
Fortunately, Germany has a comprehensive and in-depth data protection law (GDPR) that regulates exactly to what extent personal data must be protected. This not only puts the responsibility on the companies themselves, but also on providers of SaaS (Software as a Service) products.
It must be ensured that sensitive company data and also personal data cannot be leaked to the outside and, in the worst case, misused. MobiVisor MDM only accesses the data that is fundamentally important for the functionality of the MDM. This includes only technical and device-specific data, such as the device name, phone number, serial number, model name and number, capacity and free storage space, version number and the installed apps.
Specific content or exchanges between colleagues in the form of private and business emails, calendars, contacts, text messages or messages, and telephone call logs are not recorded under any circumstances. The reading of browsing history, personal reminders and notes, and the frequency of app use are also not conducted.
So the answer to the above question is a clear: No. The use of an MDM can never be used for espionage.
It is important to communicate this with employees - after all, the aim is to create acceptance for the MDM and consolidate its position as an administrative aid.
2) What happens when employees use their private devices - does MDM work in these cases at all?
In quite a few companies the practice of 'Bring your own device' (BYOD) is employed. Employees bring their own devices and are allowed to use them for work.
This can have advantages, such as eliminating the need for additional work devices.
The big sticking point, of course, is that this model blurs the line between private and business. And the question of data ownership is often not as clear-cut as it might seem at first glance. This is particularly the case with creative activities: for example, if an employee creates content using a private account, but the content is intended for the company - how is the decision made as to who owns the content?
Before introducing MDM, it is therefore extremely important to obtain legal advice as to whether BYOD is even possible in the company and, if so, how. It must be transparently explained to employees who owns the data and what may be done with it.
But back to the question: An MDM can be applied in various scenarios, even if the device is intended for private use. You can find more areas of application in our infopaper on MDM and data protection.
In order to nevertheless ensure a clean separation of private and business data, there is the so-called container principle. Here, the separation of the device into two areas is already defined during installation: a private profile and a business profile. Access by the MDM admin to the private profile is no longer possible. This means that employees can continue to use the private interface with their preferred settings. In the business area, employees are also protected against accidentally transferring private data to it.
This should not be underestimated: how quickly does it happen that an e-mail is forwarded to the wrong account? With a clean separation, this can be ruled out.