 Hey, my name is Shelly Reed. I am the manager of the Legal Services National Technology Assistance Project, and we're excited today to have Ellie Mattern here with us to talk to us about BYOD, bring your own device policies, and all the things that go along with it. So I'm going to turn the program over to Ellie and sit back and let's listen. Thank you. Hi, everyone. I'm Ellie, as Shelly mentioned, and I was going to tell you all to feel free and keep your cameras off, but do you beat me through it? So no problem on that. I do like to take questions as I go. So if you have any questions, please feel free to come on off mute and ask your question out loud. That would be helpful for the recording. And if not, if you're shy, that's totally OK, too. Please feel free to drop it in the chat and I will read it out loud, you know, to the best of my ability. Shelly, you can still see my screen, right? That's correct. OK. So as Shelly mentioned, I'm Ellie Matter and I am the I don't know if I introduce myself from the Director of Technology for Community Legal Services in mid Florida. We're an LLC funded program, as I assume many of you are. And if not, I welcome, welcome. I'm so excited to be here. So a little bit of a few definitions at first. So what does BYOD need to bring your own device policy? Some of your organizations may have them or may be considering them. Part of the reason Shelly and I decided to put this presentation together is that Community Legal Services was considering putting in place a BYOD policy. And I knew that I wanted to do some research on it anyway this year. And so it was a great opportunity for me to share with the community the things that I had learned and bring them back. So a BYOD policy defines the circumstances under which employees can use their personal devices for work purposes. Devices can include laptop, smartphones, tablets and other devices. I include those other devices because while most of the time people are talking about phones and computers, I also have recently imagined the idea of a VR headset that was someone's personal device, but they're meeting other employees in VR land to talk about compute employee related issues. So it really could be any device that an employee owns. I before we get too far into it, I do want to just, you know, take a little pause on this road and talk about to policy or not to policy. So I think that it is incumbent on anyone who is a director or an organization member to think about, does our organization need a policy for this? There can be a an operational default to say, like, yes, let's put a policy in place. But that's not always the best option. And so our detour, because this is the hill I will die on, is do we need a policy for this? So let's talk about reasons to policy and a reason not to policy. So reasons to policy can be compliance issues. Some of you are probably LSE funded. LSE has a lot of compliance requirements. We have legal requirements as law firms. Funders have various requirements where we need to collect certain data. There those are all great reasons to have policies around things. They're great reasons, largely because of the next two points, because you can instill managerial consistency. That means when a case is closed, it is always closed with one of these few place case closure codes. It's, thank you, Shelley. Yeah, LSE legal services corporation. If you have multiple units within your organization, so if you've got a housing unit and a family law unit to make sure that they are closing cases the same way to make sure they are doing the same things with their cases. So management consistency across the organization is one reason to have a policy. And then it's also can be helpful for your employees. It's a clear expectation. If you have a policy around answering the phone that says, Hi, welcome to Community Legal Services of mid Florida. We're happy to assist you. That means that every time somebody answers the phone, they're going to answer it the same way. That makes it very normative for an employee to know what is expected of them and then how do they go above and beyond that to be like an extra stellar office employee or how do they fall below that in a way that may impact their performance review? So those are all great reasons to put a policy in place for a variety of things. Reasons not to policy. So I employee morale. I have heard from many employees that too many policies can stifle their forward momentum on a project if they feel like they always have to go and look something up. If they just want to get out there and do the work and hit the ground running, but then they feel like they have to wager through a myriad of policies. That can be really damaging to employee morale. And so you want to be mindful of not putting someone in a place where they feel like you're putting barriers to them doing the work that they want to do, to doing the work of the firm, the organization is made for. Management of policies. So as an admin and as one of the people who has to manage these policies, if you have 7000 policies, that means you have to keep track of 7000 policies. And keeping track means has ever been trained on the policy. When was the last time it was updated? And then constantly recycling through, do we need to update this policy? Is it antiquated? Is it useful? So management of policies is really its own door that an organization should be aware of. And then last but completely not least is bias. And a lot of times when we talk about bias, we think about gender bias or racial bias. And while those can play a role in this bias, what I'm talking about is bias between one employee and another employee. So let's just throw out a completely fake policy for right now. And let's say everyone in your organization adopted a policy that said anyone who wants to go on vacation has to give at least seven days notice. OK, seven days no problem. But, you know, the friend of the manager comes to the manager and says, I forgot I have a wedding for my brother in three days. I just didn't put in for it. And the manager says, no problem, go to the wedding, you know, have fun, toast them for me. Well, that's a problem because in doing so, they have created a difference between employee A, who's following the policy, and employee B, who has been given special permission to avoid the policy. And now, if there was an employment law issue at the organizational level, that employee A has a reason to say, well, that employee B had preferential treatment. They didn't follow the policies and I did. Or the policy didn't really mean anything because nobody followed the policy. And so before you put any policy into place at your organization, you want to be consistent. And this is such an important point. I'm going to bring it up again later. No policies unless you plan to see it through. Okay, now I'll get off my soapbox and we'll actually be here to talk about what you all are here to learn about. For those of you who came in late, I do want to reiterate, I love to take questions in the middle. If you have questions as you go, please drop them in the chat or come off mute. I will see you and just ask your question. Okay, so we've gotten off the hill that I'm willing to die on and we've all decided that we do have a way to do it. We've all decided we do want a policy for BYOD. What are the reasons we would want specifically of bringing your own device policy? So here we're going to be balancing security and privacy. So what are the risks to an employer that the employer is solving for? Here, we're looking at not exposing client confidential information or any organizational confidential information. Accidental exposure can come in a lot of different forms. It is so obvious and ubiquitous for people to think about hackers or somebody, a stranger looking on somebody else's device, but accidental exposure can happen in the home. If you have the photos of a domestic violence victim on your phone because you're getting ready for a trial tomorrow or an injunction case tomorrow and your phone or your child, friend, spouse, partner is flipping through your phone looking for photos of your last vacation, you could have just exposed client confidential information to somebody who has no business seeing those photos. And so accidental exposure of confidential data is something that is really, that people should really think about when it comes to BYOD. The next one to think about is hacking and malware attacks. People treat their personal devices differently than they treat their devices that are handed to them by their employer. They just do. And so being aware that you're not gonna have an IT support person or anyone else who's keeping track of what's going on with that device or second guessing, whether there's not any of the traffic coming from that device is safe, is something the employer needs to be aware of if you allow the incorporation of BYOD or employees to use their own devices. And then also you have to worry about stolen devices in public wifi and those two both go down to whether or not someone nefarious is accessing information from that device because it was left in a car, because it was left open and unlocked at a coffee shop, any number of opportunities at that point. So let's take a different approach and think about what is privacy or what is the problem with it for employees? So here we're looking at privacy infringement. A small detour where I say that some of these apply whether you're giving out employee or employer devices or BYOD devices, but we'll keep track of that as we go. So tracking user location. I am right now on my CLS-issued device, my CLS-issued laptop. If I had a CLS-issued phone and they were tracking my location, that is something they should probably tell me before they give me that device. The same thing goes for a BYOD device. If you are adding things to the devices to make it easier for the IT infrastructure to track them, which means location sharing, it means browser history, it means app usage, or really if you're looking at anything that is on the employer or employee's personal device, that needs to be included in your BYOD policy, because everyone should be fully aware of what they're committing to when they agree to this policy. Another privacy infringement is, let's say an employee leaves the firm. They're retiring, they're quitting. How do you get with some of their device back into the organization? How do you know what's in their device with many of these? Now, many of you probably work at law firms, and by law firms, I mean law firms or nonprofit law firms. And so I can hear you, you say, Kelly, but the people who leave are lawyers and they're duty bound by their professional responsibility to not disclose client confidential information. Cool, cool, you're right. Except that there are a lot of people in your organizations who don't have the same professional responsibility obligations. You can usually hang a lawyer's bar card over their head and say, thou shalt not do the wrong thing, because you could lose your license. But there are a bunch of people at your firm that probably don't have the same rigorous obligation or stick if you needed to pull it out. And so being mindful of who has access to that kind of information and what data they're putting on their phone really does matter when a client or when an employee exits the firm. So we talked about employees quitting or retiring. We're gonna assume that when employees quit or retire, they are largely leaving on good terms. What happens when an employee is leaving and it's not good terms? This employee's been fired and they've been fired for cause. They've been fired for any number of reasons. How do you assure that what they have on their phone gets deleted or destroyed or got backed by IT if required? How do you ensure that that at least even if it doesn't come back to the firm, how do you ensure that it gets uploaded into the case file? Those are all of the challenges that you're going to face if you agree to implement a BYOD policy. Or that you're trying to solve for with a BYOD policy. So we've gotten this far. You're still interested. You're like, look, my employees are using their devices whether we tell them to or not. I get it. In that case, here are some terms you may wanna put in a BYOD policy that are best practices for the employees requiring strong passwords, requiring encryption. This is something for the employer where they provide training on different cyber threats. So at CLS, we have a monthly training on cyber threats every month. It can be on phishing, it can be on cyber attacks. And I truly believe that if you're training people in one area of their life, so if you're training them at work, this does percolate through to their private life because they may just take that extra moment to think, should I click that link? Is this text message real? Those kinds of things, which is what you want them to be doing all the time because it makes this all safer to begin with. You also wanna consider whether you should limit the type of data or the amount of data an employee is allowed to have on their phone. Are they allowed to have photos? Are they allowed to have case files? What about pleadings? These kinds of things you wanna talk about. So, here's a fun thing. I want you all to think about your organization for a second. Okay, let's pretend you're all nonprofit law firms, which many of you probably are. And if you have a communications department and if your communications department uses social media, so you guys post on Twitter, TikTok, Facebook, any of those, does that person have a company-issued phone? If they do not, there's a very high probability that they're taking their photos of outreach events, of pro bono clinics, of anything that they attend for the employees on their personal device and uploading them to social media. Many social media companies require cell phones and personal accounts to be attached to commercial accounts. And so, even if they're not, even if you've issued them a company phone, they may have their personal account attached to that account, and so you need to know what information's going from one account to the other. If they don't have, if they haven't been issued company devices, then the images that they're taking on their phone are things that you wanna be aware of. Again, I can hear you thinking, Ellie, that's not client confidential information. We don't care about that. Great. If you don't care about it, you don't care about it. However, if you like to promote your organization and do reports at the end of the year for your funders or board members, they look at all these beautiful events that we attended, look at all these awesome outreach things we did where people came and received legal information. That content is stuff that you will need. Those photos taken at those events are the proprietary or are owned by the organization and therefore you need to be aware of them if they're living on private devices. And then again, talk about if there's any consent for monitoring. I'm gonna pause here and give anybody a chance, any questions so far, okay? Hearing none, we keep going. How do we limit client or company liability when it comes to BYOD policies? I promise you that we are gonna talk about it again and here we are. If you implement a BYOD policy, you are going to implement it and then you are going to commit to it. So whatever that means. I will tell you that I do not think there's a single organization I've ever worked for where employees were not also using their personal devices for work. And so while this conversation about BYOD policies does paint it as optional and it is, the reality is most people are using their devices anyway. And so to not at least think through what that looks like for your organization and what the best practices should be for your organization is the tantamount to putting your head in the sand. A lot of times with BYOD policies, companies limit their liability by requiring employees to indemnify them. If company data is exposed through their device. That may seem draconian, but I think it depends very much on what the company risk tolerances and whether or not they're willing to assume the responsibility if something goes awry with that individual's devices. So in preparing for this presentation, I thought, okay, so what are the benefits of BYODs? Everyone's pretty much using their cell phones anyway. Why put a policy like this in place anyway? Why should we encourage that kind of behavior? And so these are some of the ones that I came up with, or that the internet came up with. It increases customer satisfaction. And I can personally test anecdotally that having teams on my phone does make it easier for me to interact with people if I'm moving around the office. I am no longer constrained to the notifications I get on my phone or emails that come to me. If I am in flight, I can respond to something in flight. And one of my personal rules is like don't keep people from working. And so if somebody is blocked because they've sent me an email and they're waiting for me to reply, if I can take five seconds to respond to your email just saying like, go for it, then that is a benefit to the organization because there's one person who can continue doing what they were doing without having to context switch to another task. It does reduce costs. So a lot of people say, how does it reduce costs? Well, you could alternatively buy a cell phone for everyone in your organization and ask them to carry it around with them and use only that company issued cell phone which would increase your overhead costs in terms of hardware. It would increase your IT infrastructure costs in terms of management and service. Of course, then you have to have data plans for each of these phones. So there are a lot of costs to doing this all in house by allowing the employee to assume that cost and that risk or that is something that the employer is saving money on. And then you do have the ability to decrease duplicate work. If someone is sitting on their couch at night watching law and order and they have just like a brilliant idea rather than having to write it down on a scrap paper and then try to remember the next day they can immediately go into their notes for that file or put it somewhere that they would remember when they was in work in the morning. So there are really two types of BY, well, three types if you wanna count not having planned it all but there are two types of BYOD plans required and often. So it required BYOD policy is like any other global policy you put in your organization that says, you know, thou shalt do this if you are employed with this organization. And those can be really good for certain kinds of policies because they apply to everyone equally. Everyone has to know about them. And, but I don't feel like they're the best practice of BYODs and this is my personal opinion and intelligent minds can disagree. For me, I think that often policies are the best option for BYOD policies and I'll tell you why. So the benefits of an often policy is that it gives you the opportunity to put the policy in front of an employee and say rather than this just applying to every single person at the organization I need you to read this and agree to it if you want to be able to use your personal device. And so in doing so, it's not just one policy in the booklet of policies that you hand them during onboarding. It's something that the organization has to or the employee has to opt into. It also gives a sense of autonomy because the employee is saying affirmatively I want this, I wanna be a part of this. It reduces IP oversight. So rather than just the next two are kind of in tandem. So it clearly identifies the number of employees that it applies to. So right now our organization has like 130, 120 people in it. If somebody leaves the firm, there is no way for us to know whether or not they are using their personal devices. We just have to assume they are or assume they're not. By having everyone sign an opt-in policy, which is the plan at CLS, which I plan on rolling out. So CBD, my next update can be on what that will allow process look like. But the, now we will have a way for the IT department to actually know, okay, 89 people that are a part of this organization have opted into the BYOD policy and they have agreed to these terms to be bound by. And so when someone is off-boarding, now we can say, hey, do they have an opt-in BYOD policy? Yes, they do. Therefore, let's add these four steps to their off-boarding, which means reminding them that they owe a duty to clients to not share confidential information, that if they have any CLS data that they need to either delete it from their phone or upload it to the appropriate places on our network. And it allows you to build the infrastructure around how to keep that data mindful. And so in my opinion, I do recommend opt-in policies. So I have written, which I didn't need to click, I'm going to. I have written a BYOD opt-in policy, which I'm going to share with everyone in the chat. Well, I'm not because I can't figure out how to click it, but I will share it with you guys shortly because it's actually made record time through my presentation. This opt-in policy is still in draft form. It has not been approved by CLS. So all caveats and disclaimers apply. That said, I really, really welcome feedback from this group if there's anyone who feels that I have missed a clause or that there are things to be included in the BYOD policy that we haven't already talked about. The other thing is it may be a good jumping off point for your organization. If you're thinking about adding a BYOD policy to consider using an opt-in policy and you're welcome to use mine as a template. So as I mentioned, my name is Ellie Mattern. Please find me on LinkedIn. And I'm going to stop sharing my screen and drop that opt-in policy in the chat. And then I will open it up for questions and maybe we can just have conversation. I'd love to hear if any of your organizations have implemented a BYOD policy and what that looks like. I'm going to throw a poll in if I can get it to work and just to see how many have policies. Maybe I'm not. That's okay. I was going to say, see if everybody fell in asleep. Maybe totally possible. All right. So in the chat, I am about to drop the opt-in policy. Let's try it again. For anyone who is available to do so if you're not on your phone could somebody just click that link and confirm that it is open. I tried to share it with anyone who has the link but I just want to make sure that it works. It did open for me. Perfect. All right. So not getting the poll to work. So I would love to hear how many people have policies that their organizations or don't have policies or considering a policy. And that's why you're here today. So just put, yes, we have a policy. No, we don't have a policy or maybe thinking or thinking about it. While we're waiting for those, I have a question, Ellie. So one of the things that I was concerned about, I had a little bit of experience in e-discovery and all that kind of stuff. So in your research, is there much concern in the community about personal, information on personal phones and then that makes the personal phone discoverable? I haven't done any research on that. I, especially because we're law firms, a lot of the information, a lot of the information that attorneys or paraprofessionals are going to have is going to be either client confidential or attorney work product. And so they can likely skirt the edge of that. And because of that, I wasn't looking into that. However, with public companies, I would be, if it wasn't a law firm, I would be really concerned about whether or not something's discoverable. And also not just discoverable, but I would think about chain of custody. So if you have someone who is working after hours on their personal device and they find something or screenshot something and then the attorney wants to get that in at court, then what does that look like? And I think depending on the way in which that is stored and depending on the way in which they can authenticate it may make a difference. And it could be different in each state, but that is something I've been thinking about is evidence that's collected on a personal device where that live in the discourse of BYOD policies. I see a couple of chats. Doug says they don't have one yet, but they're working on it. It looks like a couple of people don't have them. Steve said we have a mobile device use policy. However, it's not specifically written for BYOD and math has a BYOD policy that's written into their technology policy. Since we're talking about kind of since Amanda brought up technology policies in general, we have quite a few other technology policies as well that are around cyber risk or about traveling with company devices. And right now we have them all separate and I will be instituting the opt-in BYOD policy. There is a question from my perspective as to whether or not it would make more sense to consolidate them all into one technology policy. But I think I haven't made that executive decision yet, but I can see Amanda why you may want to wrap up BYOD into a larger technology conversation and policy. I am, so Jason asks, is the BYOD policy the only opt-in policy we have? I am not sure. I don't, I can't think of any other opt-in policies. I, but I seem to recall one in the back of my mind. It's like scratching at the back of my mind. But I will, I'm not sure. I can't think of any off the top of my head. Amanda said, we have had luck with using Intune to have staff and a little personal devices so they can at least ensure their devices are meeting some basic security policies. That's awesome. I'm going to say that. One of the things that we do plan on using is we use an inventory tracker for our IT issued devices. And so I plan on adding the opt-in policy to that device tracker so that we can see under each individual employee, you know, what laptop they have, what monitors they have, and then also whether they've opted into the policy so that we're tracking it somewhere in our inventory. And I am looking for our technology policy that I have cleaned up a little bit and I'll throw that in the chat here shortly. But I'd love to answer any, get your questions answered. I mean, you came to the webinar today so I'm guessing that you perhaps had questions. This is your chance to engage with Ellie and engage with other people in the community to get some answers. So please take advantage of this opportunity. Jason, I think you raised your hand. I think you can come off mute on your own, if so, go for it. Jason, we can't hear you. So I don't know if your mic's not working. While you figure that out, Mary, I see your question about the percentage of staff using our BYOD. So I've just put the BYOD policy recently together by done all the research on it. And so I'll be taking it to the executive team and rolling it out for the rest of the year. Can you hear me? Yes, I can. Go for it. Oh, okay. Sorry. So, you know, we even set out our, you know, we have a pretty good draft of our BYOD policy. You know, the one thing I guess I'm kind of struggling with at the time is, yeah, cell phones. We, you know, we have roughly 160 employees and that's a lot of cell phones to issue out for, you know, to keep track of and stuff like that. I mean, is it the most secure method? Yes. There are, you know, even if we issue, you know, the cell phones to, you know, the people, they're gonna use their personal phone for business related issues. But I guess, you know, point taken, you know, as long as you have the policy and everybody understands that, then you're, you know, you're protecting their organization. But, you know, just curious to know your comments on, you know, what you've kind of came across and what you kind of resolved. You know, I do like that opt-in policy, you know, that I think that could be very useful in something like this. And the people that don't want to, you know, opt-in would then, you know, be required to have an issue, you know, work issued cell phone, you know, your points of, you know, taking pictures. I didn't think about that as far as, you know, updating them to, you know, you know, Facebook account and now that's something that we would have to have records of. So just curious to know how you tackle that and what things you thought about as far as, you know, coming up with a policy. So I've actually thought of a couple of things. So there are, on the realm of the spectrum, there's like everybody uses their own device, everybody uses an internal device. And when you think about internal devices, I think, well, that's super expensive. What does that look like from an organizational cost perspective and then also resource management perspective on the IT infrastructure of managing. So for me, what I have thought through is, okay, so who really needs a cell phone that's company issued and what does that look like? And so at CLS, we are going to roll out the, but opt-in, the YOD policy people use their personal devices. We have two, yeah, two company issued cell phones for members of the executive team that needed them for work reasons. But, and this is what I impart to you, Jason. I had an idea recently was that not all cell phones need to get called. And so what we did for our communications department was I asked the IT department and I asked the comm department, hey, does anybody have an old phone that you're not using anyway? And it turned out that somebody did. And so we wiped the phone, it's not connected from any kind of phone service. And I told the, and we delegated it to the communications department and said, this is the phone you will take photos on for CLS. And it will be, it's a company issued phone now, but it doesn't have cell phone service. And so it didn't cost us as much because A, it was donated to the organization for free. It also, we don't have to pay maintenance in terms of every month cell phone issuing. However, now that device is owned by the organization. If they were to leave the organization, we say we need that phone back. And so that was something I had thought maybe a way to resolve people who want to have a company issued phone, but maybe we don't have enough money to issue everyone a phone. Now it could be an IT nightmare to have a bunch of different phones. But since they're not, as long as they're not too old and as long as you're making sure that people are updating them periodically as a part of the IT infrastructure anyway, you could do a phone drive through your organization and say, hey, if you've got a phone sitting in your drawer that's not working, that may be the phone you had before the cell phone you're using now, donate it to our organization and our IT department's going to use those as company issued devices. That's an idea I came up with. I don't know if it helps at all, but that's one thing to consider. Yeah, I think that that is a good idea. We do have office cell phones that people can use and that's before I think really people's, before they really became remote and mobile, but now you have, just everyone's just so mobile. So, and people are calling on clients, they need to call clients. I guess it's, there's so many factors you got to consider I guess is, yeah, who, what are they doing with their phones? What types of services are they texting clients? I hope not. You know, it's that type of thing you really need to think about. You know, we're looking at upgrading our phone system and as they, you know, get in a mobile app and put those on people's devices that they'd be calling and so we'll still have a record of that within the cloud. But, you know, and then the texting would be handled through the, you know, through the telephone provider as well and that wouldn't be directly on the phone would be within the, or in the cloud. So those are some things that we've been thinking about to try to figure out, you know, not, or to alleviate the, you know, issuing work cell phones to, you know, the attorneys. So, you know, those are, you know, some things I'm thinking about and but it, like I said, it comes sometimes down to, you know, who really needs them and if, but also keeping within security policy of that, of what the organization develops. But it is a lot of moving parts. Definitely. And there were a couple of points in there that I, you know, that client communication, you know, you have to have a policy on client communication and any communication documenting in your case management system. You know, so all of these things tie together. It's really important to make sure that your employees understand that there has to be that documentation. So you may allow them to use their own devices, but things need to get put into the case management. Paul, I know your hand had been up. Did your question get answered? In a roundabout way, yes. I was really just curious as to why there might be a need to do a allowing staff to bring their own device. I mean, is it a financial sharing of the burden because I know providing equipment to a nonprofit organization can be expensive. So are you trying to share that cost with the staff or is it more of a convenience factor that that's their personal preference? I'm coming at it from both sides. I'm looking at it from the business side, from a financial cost, looking at it from the IT side, from a management stock's cost, and also the eDiscovery background as well. I spent six years doing eDiscovery projects as well and having to go to a partner's house to do an eDiscovery document collection because he had forwarded emails to his home computer. So it's messy and I'm just trying to figure out what's the, I think if I better understood the motivation or the desire for what is driving this request for bringing your own device might help better formulate our response. And I was just curious just what other people, what's the purpose that you're trying to accomplish by allowing it? I totally welcome this question to the group but I will answer from my perspective. So I joined Community Legal Services a year and a half ago and there are attorneys at the firm who are using their personal computers and always have been. And everyone else is using a, and those attorneys don't want to move off of their personal device. And almost every person in the firm is using their cell phone in some capacity. So at our organization, it is already pervasive that people are using their devices. So it's about how do we mitigate risk of something we know the employees already plan on doing, they are doing and they want to do. And how do we secure that as much as possible? I think if you were to come into an organization that had no employees, you were starting the organization up and you had the IT infrastructure to say, hey, we're gonna issue everyone their own devices, everyone's gonna use it from the beginning and everyone's really excited to keep their work life with work and their home like with home and they're never gonna mix the two, then there's no reason to have a BYOD policy except to say that at our organization, we don't use our own devices. And that is a totally acceptable BYOD policy. We only use company-issued devices. So I think some of it is about knowing where your organization is and how their employees want to work. Yeah, and that's, I understand it entirely. I mean, it's kind of the genies out of the bottle, you can't put it back in there. For several people have already grown accustomed and they've got their own personal lives, which in some cases may be of a higher quality or a higher capability than the ones that I'm gonna provide them. We try to provide people with new quality equipment, but we don't do cell phones. That's just a decision that was made years ago. So everybody's using their personal cell phone and yeah, we've given them a voiceover IP app that they can install. So now you've extended the organization's needs to a personal device. And then so at that point, I mean, like I said, the genies out of the bottle, I was just trying to better understand that'll help formulate what's the right spot. I don't think we're gonna shut it down and start over though. So I gotta figure out a way to make it work. I did see Adrienne or Adrienne ask a question. She or he, I don't know. If you have a corporate dev and it gets confiscated or corporate device and it gets confiscated due to being used as evidence in a legal or regulatory matter, that is not a big deal. What are the implications of the BUIOD? I assume that was a big deal. If you're gonna get the device back, it's not a big deal. I guess there's a question there. I don't ever wanna see a device of mine out. I don't wanna see the device of mine to someone else and allow them to do whatever they want with it because that to me is a breach of client confidentiality. I have, probably two or three years ago when there were all of those stories about TSA asking to take someone's phone or laptop into a private room and do, we don't know what with, I had often wondered what would happen if they came up against a lawyer who refused to give over their device based on client confidential information or even somebody who has trade secrets on their device. I think a lot of that hasn't been litigated but I think you'd see a lot of people go to bat for the, or get the bars involved to go to bat for why that device should not be seated to that regulatory organization. And if I've misunderstood your question, please, I see you came off mute though. No, I have never encountered it before. I know that it is a possibility. And so, that's a huge reason for me not to use a personal device for corporate use because now you're without your phone and everything on it. Plus, like you said, there could be potentially other private data that shouldn't be viewed. So, I was just wondering if there were situations that you were aware of or something like that happened. I haven't seen it and I've been watching for it. I just have it. I don't think it's been tested in court really yet or if it has, I welcome any of you to share court cases with me. I'm really fascinated by what the implications of both of that is, but I haven't seen it yet. Thank you. Also a great question. So, going back to Paul's question a little bit, I think there's also when attorneys work with, say, rural clients who work in agriculture or things like that, many of those clients use WhatsApp. So, having WhatsApp on company computers sometimes can be problematic due to policies. So, it can, or if they're going out in the field, it's very convenient for the attorney to use that app on their phone because they're out in the field, may not have access to, say, their laptop. So, there can be many reasons why use of a personal device for work. I think convenience, I think for all of us, it's very nice to be able to roll over, look at my calendar and know whether I can be in workout clothes all day or if I need to, if I need to be a little more professional that day. So, I think that's where we, a lot of people just use for the convenience of it. Yeah, I think it does come down to convenience. I think one other thing I'll say, Adrienne, and I'm not sure that I'm saying your name right, please feel free to correct me, is while we're talking about BYOD policies today, the first policy that I implemented completely at CLS was a travel and technology policy. And we have basically set as an organization, you can go anywhere in the US that you want, any in the US is fine, and you can have your devices with you. You may not travel out of the country with a CLS-issued device and you cannot travel with any of your CLS-issued, like connected apps while abroad either. Right. And that's, you know, we don't wanna be the one to test that PSA case. Well, no, and not only that, there's a lot of different regulations in different countries, which then you may not be properly following. That, and I also, so the conversation we've had at our organization about can people work remotely from these other countries, and especially I understand that I'm impetuous, especially when you see so many people with digital no-mads on your scrolling, you're like, doesn't that seem lovely? The problem is that I said, you know who doesn't want the responsibility of deciding which nation states are safe to take a laptop to and which ones aren't? This gal. So since it's not gonna be my job to decide, yes, you can go to this country, but no, you can't go to this country because that one's not cyber safe. And also keeping that up to date because it could change moment to moment or at least week to week. And I could have approved someone going with a device two weeks ago, and now all of a sudden there's a really big problem and they can't take their device to that state. And so because of that, you're right. We also don't want any of the regulatory risk about, and so Singapore doesn't actually allow Airbnb's. It's illegal, even though there are some that you can rent. Well, somebody rented an Airbnb in Singapore and then that turned out to be someplace that, or at least they couldn't last time I checked when I was actually visiting. And if somebody rented an Airbnb and then regulatory bodies broke into that place and said, hey, you're not allowed to be here and confiscated the device, what recourse do we have? And just because we don't wanna deal with any of that risk, I told everyone, you wanna go to Puerto Rico, you wanna go to Guam, you're great, anywhere else outside of the US or like anywhere that's not a US territory or a US state can't go there with our stuff. Right. All right, so that's two policies for a price of one. Well, if we don't have any questions, I certainly don't want to take up more of your afternoon, but this is your chance. We still have a few minutes on the schedule. So if you have a question, please let us know. If anybody else has implemented a BYOD policy, I would love for you to, I'll drop my email in the chat. If you don't mind sharing, I would love to see yours so that I can compare it to mine and see what provisions I may have forgotten or should include or maybe three words that would be stupendous. Shelly, if it doesn't look like we've got too many questions, maybe we can stop recording and then just hang out a little bit afterward in case anybody wants to ask another question. Perfect. So I'm gonna go ahead and end the recording by doing my sum up and then we'll turn off the recording and if people have questions, sounds like a good plan. So thank you so much for joining us today. I appreciate everyone stopping by and I hope that this session has been helpful. We always are looking for ideas on what kind of sessions would be helpful for you. So please give us feedback and let us know. And thank you so much.