Storing Personal and Business
Information on your
[an error occurred while processing this directive]
When you first purchase your Pocket PC or Smartphone, the first thing you do with it is to put your information into it. This article covers different aspects of being sensitive to the type of data you are storing and where it will be synchronized and whom has access to it.
Types of Information
Here are some examples of sensitive information that you may find embarrassing at work. Examples of inappropriate personal information that should not be stored include your credit cards or driver’s license numbers, passwords, intimate pictures, videos, audio files or voicemail, private communications threats to anyone, etc. Examples of inappropriate business information that should not be stored include business plans, plans to leave the company or start your own business, top secret business information, etc. Basically the best rule of thumb on storing personal information at work is to not store any information that you would find embarrassing if anyone at your office found out about it.
So if you purchased your Pocket PC or Smartphone for personal use, you will synchronize with your PC at home. So when you synchronize, all your data on your Pocket PC or Smartphone is placed on the desktop and all the data on your desktop is synchronized to your Pocket PC or Smartphone. This includes your Calendar, Contacts, Tasks and Inbox if you setup the default types of information to be synchronized.
The same scenario occurs if you purchase your Pocket PC or Smartphone for business use. All your data in Outlook from your desktop at work will be synchronized on your Pocket PC. This includes your Calendar, Contacts, Tasks and Inbox if you setup the default types of information to be synchronized.
Mixing Personal and Business Information
A major rub occurs when you mix personal and business information on the same device. Neither the Smartphone nor Pocket PC allows users to specify where data is synchronized. The only way to prevent personal or business data from being stored on the wrong PC is via a 3rd party synchronization tool such as Intellisync. If you use ActiveSync alone, it does support synchronization using categories however all the data on the device is synchronized to the desktop regardless of the categories selected.
So if you choose to merge your business and personal data on your Pocket PC or Smartphone and synchronize it on both work and home, you may be embarrassed by the data stored either place. Remember that your information is now on your work computer and it may be backed up or accessed by your employer as a regular course of business. This means that multiple people in your Information Technology department may have access to your information. Also, your home computer is accessible by your family so they would have access to your business data as well.
Also, users should be prepared in the event that they lose their Pocket PC or Smartphone. They should be aware of what data is stored on their device and be aware of any risks associated with the data. You should backup your Pocket PC or Smartphone on a regular basis. On the Pocket PC, you can use ActiveSync or flash storage backup program provided with your Pocket PC. With the Smartphone, you cannot use ActiveSync to perform a backup. I suggest that Smartphone or Pocket PC users use Sprite Backup (for Pocket PCs, for Smartphone) to perform secure backups on a flash card.
Securing Your Information
In all cases above you may have sensitive personal information on your device. So as an initial step to securing your Pocket PC or Smartphone, I suggest enabling a power on password. This is done in the Pocket PC under Start – Settings - Password. On the Smartphone the power on password is under Programs – Settings – Security – Enable Phone Lock. You may want to take further steps to secure your Pocket PC. Examples of 3rd party login security applications include KeyCrypt and VisiKey.
If you choose to store credit card information on your Pocket PC or Smartphone, your license number or usernames and passwords, you should use a 3rd party application to encrypt this data. Examples include CodeWallet Pro or eWallet.
Further in some businesses in fields such as finance, banking and medical, additional laws require users to take special care of their data. Specifically laws such as Graham-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPPA) require users to maintain special controls over business data and especially over client information. In the case of HIPPA there is a requirement for multiple security measures to prevent unauthorized access to be implemented on your Pocket PC or Smartphone. Some Pocket PCs support finger print readers as an example of a biometric control. In the future, I expect to see more controls over business information to protect our privacy. You should check with your company’s security officer regarding the company’s policy on storing business information on your home PC before doing so.
Overall, users should know where their sensitive personal and business data
is being stored and who has access to it. This way they can ensure that
their sensitive data is used for the appropriate purposes. If you have any
questions or concerns over where your data is stored at work, you should ask
your security officer or Information Technology staff at work about their
company policy on storing business information. You may want to take
further steps to secure your Pocket PC. See
Pocket PC Security, March 2003 in Pocket PC Magazine.