The user loses their device and will again want some form of compensation, according to Garlati.
The technical solution here is to use desktop virtualization, which means all of the corporate information is stored on servers. Doing the same with at least tablets would be good, but the technology isn't there yet, Garlati said.
When handing over information relevant to a legal case is enough, the IT department needs to have a process in place for gathering the data from PCs, smartphones and tablets, according to Wallin. Allowing the IT department to do that also needs to be part of the policy workers agree to, he said.
Enterprises also have to plan for what happens when a user wants to upgrade to a new device and get rid of the old one. Doing that is mandatory for any BYOD program, according to Wallin.
One way to ensure corporate data doesn't end up in the wrong hands is for enterprises to outright buy old devices. Another alternative is to discount the cost of a new smartphone, according to Garlati.
"My company actually gives me a discount on the AT&T price of a device if I buy through them, but there is a catch because I have to return the old device," said Garlati.
Purchasing phones from employees isn't a very feasible option, since enterprises are adopting BYOD to get away from buying hardware, according to Wallin. His alternative is to rely on the mobile device management solution or getting users to wipe their phone.
"Users have to be told that if they are let go, retire, leave or buy a new device, all corporate information has to be deleted, including potential physical or cloud-based back-ups ... Some organizations want to verify the information has been deleted, while others check a sample or trust the employee," said Wallin.
Send news tips and comments to firstname.lastname@example.org