Much has been written, in this space and elsewhere, on the concept of “reasonable security” — what constitutes “reasonable security,” how much security is “reasonable,” etc.    The entry of the choice of computing devices to the workplace  – known as the “bring your own [personal] device” or “BYOD” trend – has also been dissected at length.  Companies are grappling with the wisdom of allowing employees to blend personal information with corporate information and the risks posed by the lack of control on corporate information once BYOD is permitted.   Many companies are playing catch up to control these risks and implement policies and procedures.

Nowhere are these issues more important than in regulated industries with particular laws and regulations protecting information.  Mintz Levin colleagues Dianne Bourque and Stephen Bentfield authored an article in Health Data Management that provides lessons for companies beyond health care.