March 21, 2022

Protecting your personal information and privacy on a company phone

Joel Snyder

When you use a new employer-issued smartphone, or you use your own phone to read your work email, you might ask yourself, “Wait, did I just let my employer look at everything on this phone? Did I just give up my privacy?”

Well, maybe some, but probably not anything that should be of concern. There are three things protecting your information: the technology itself, your employer’s device policy and the law (at both federal and state levels).

Here’s a look at all three — and exactly where you are and aren’t protected.



All smartphones have a number of built-in features that can help maintain the boundary between your work life and personal life. Some of these features are for you to use just to keep things organized on your own phone. Samsung’s Dual Messenger capability, for example, lets Android phone users create two different accounts, such as a work account and personal account, in chat apps such as WhatsApp and Facebook Messenger. But these boundaries are more intended for organization than for actual privacy.

To really isolate things so that your employer can’t access personal data, you need Android’s Work Profile feature — a capability that doesn’t exist in iOS. When you establish a Work Profile on your Android phone, there’s true isolation between this profile and the rest of your smartphone.

In terms of privacy, if your employer has control of your Work Profile — which is how things are normally set up — then the information outside of that profile is absolutely off limits to them. They can’t see any of your private data, contacts, calendar events, messages, emails or camera roll. (Which means that you’ll need to back up these items yourself.)

But from a technological point of view, there are some things your employer can control outside of your Work Profile. For example, your employer may be able to keep you from installing certain apps, even on the personal side of your phone. They can also remotely lock your phone or erase it if necessary.

Your employer’s exact capabilities will depend on how your phone is set up. For example, many employers use a Bring Your Own Device (BYOD) approach to let you use your own phone for work but give them a little piece of the phone that they can protect for work purposes. In a BYOD environment, your employer may be even more limited in what they can do. On the other hand, some organizations use a Company Owned, Personally Enabled (COPE) approach. In a COPE environment, your employer still can’t reach into your private data, but they do have more control over the device settings, such as requiring a passcode to unlock your phone or tracking the device’s location.


Company policy and its effect on privacy

Your employer’s specific BYOD or COPE policy is also an important part of keeping your personal data private. In the U.S., employers have tremendous flexibility in what they can regulate. While the employer has the advantage in writing the policy that the employee has to agree with, these policies still have to be very specific in what types of information your employer can look at. If the policy doesn’t address a particular issue, then employers don’t have permission to overstep any privacy boundaries.

For employees, this means their employer’s BYOD or COPE policy must define all of the rules for data privacy. And if your employer says the information on your phone is considered private, then they cannot legally violate their own policy.

In the U.S., employees traditionally haven’t expected much privacy in employer-provided IT systems, such as company email — but that’s changing rapidly. When privacy issues have gone to court in the past, employers have usually won, because employer policies used to say, in effect, “You have no reasonable expectation of privacy on anything you do on our network.” In other words, if the policy says that particular information isn’t considered private, then you’ve been given notice that your employer can look at that type of data on your smartphone. This is true whether the device is personally owned (BYOD) or owned by the employer (COPE); U.S. law allows employers to enforce their device policies as long as the policies are clear and agreed to by the employee.

This imbalance in favor of employer access has changed as more people have started to bring their own smartphones and other personal computing devices to work. People have become much more sensitive to privacy issues, and policies have changed accordingly, giving greater respect to employee privacy and reassuring people that their private information will stay private.

The gray area emerges when an employer’s device policy doesn’t say anything about privacy. If there’s a question in court about what the policy says, the judges will likely ask, “Is there a reasonable expectation of privacy for this kind of information?” Employers can’t easily justify peeking into your smartphone for information that would normally be considered private. But a “reasonable expectation of privacy” can be interpreted very differently in different courtrooms.



Laws and regulations are third in this list because in the U.S. there are very few laws that directly protect your privacy, especially at the federal level. The Constitution doesn’t explicitly list privacy as a right, but the Supreme Court has stated that there are “penumbras” (shadows) within the Bill of Rights that give us a general right to privacy. These penumbras are generally cited when a law goes too far and invades our privacy rights — which is very different from protecting an employee’s right to privacy on their smartphone, no matter who paid for it or who manages it.

Since the federal government offers few protections, privacy rights are now determined state by state. Traditionally, California state law advances these protections faster than other states, but other states are also legislating in this area. The general direction across most of the U.S. is for state legislatures to increase privacy rights, but these rights remain very uneven.


Following the rules

Most of us think about privacy as personal protection, but it’s important to remember that we can forfeit our privacy if we don’t follow the established rules. Most BYOD/COPE policies, for example, say that certain device uses and apps are work-specific, and that’s where the employer is allowed to look; everything else on the device should not be used for work and is off limits to the employer.

To stay within the policy limits, you have to do work only within the apps that are controlled by your employer. For example, if policy states that all of your work chats must be in Microsoft Teams, choosing to have those conversations in WhatsApp or Facebook Messenger could cause you to lose some privacy rights to other software or data on your phone.

At the end of the day, your best phone privacy protections come from technology that partitions your work data and employer access from everything else on the device. At the same time, a clear and fair BYOD/COPE policy also helps protect employees’ privacy and sets the limits of what is and isn’t allowed.


An aside for HR and IT

To avoid problems with your company’s BYOD/COPE policy, make sure that the policy is clear and understandable to your employees, that employees are trained on the policy, that the policy is certified, even annually, to ensure that employees understand it, and that the policy is consistently enforced across the organization.


For more mobile security solutions, discover the array of tools in Knox Suite, Samsung’s end-to-end set of device management tools.
