"I think it's really important that companies have a BYOD policy, not just to protect the company but to protect the consumer," he says. "There needs to be something in the policy to say whether the company does or does not have rights to the data on the device. In this case I think you can spin it to the end user. It's not just corporate data you have to worry about, it's all your own personal information too."
A Four-Step Process for Decommissioning Mobile Devices
Fiberlink recommends IT departments ask employees to follow a four-step process for decommissioning mobile devices:
Notify the IT department. Once employees receive a new device to use with the company's BYOD program, they should send a note to the IT department to let IT know they plan to swap devices.
Transfer corporate materials to the new device. IT can transfer all corporate materials from the old device to the new device. This can be relatively painless with an MDM solution but can also be done without one.
Extract personal data from the device. Remove and save all personal files from the old device.
Erase all remaining corporate data. Fully decommission the old device. Most devices have an option in the setting menu to perform a factory data reset to wipe all the data completely (if your company uses an MDM platform, it can wipe the data remotely). If your device has a microSD card, manually remove it and use it in your new device or erase the data from it as well.