Device Privacy

Overview

With mobile devices slowly permeating into organizations, managing them comes up with its own set of challenges especially with respect to the data collected. Data collected, even for management purposes can be used for identification causing privacy concerns and futher exemplified, in case of personal devices(BYOD). MDM however, lets you customize the existing privacy settings to suit the needs of the organization. You can choose to configure the settings for all the managed devices or only for corporate/personal devices, ensuring privacy is maintained.

It is also recommended to configure Server Privacy Settings to ensure data privacy on the server, Server Security Settings to ensure data security on the server and Terms of Use which sets the mandate for the data collected and purposes for collecting the same.

Policy Description

You can choose to configure the device data collected and displayed on the MDM server. Additionally, you can also configure whether to execute remote commands on device or not. Further, you can also choose to display the privacy policy derived from the privacy settings, to the users. These settings can be applied to personal and/or corporate devices

Configuring Privacy Settings

On the MDM server, click on Admin tab from the top menu and select Privacy Settings.
Configure the policy based on the table given below:

PARAMETER	DESCRIPTION
Device Data	Configure the device data which MDM is permitted to collect and display. By default, IMEI and Serial Number are collected and displayed. However, you can choose whether the following data can be collected or not: Phone Number - For maintaining inventory audit and generating related reports. User-installed apps - For generating related reports and performing actions such as app blocklisting etc., Device Name - For maintaining inventory audit and generating related reports. Geo-location - For knowing where the device is and to perform related actions such as Location History etc., Device State Reporting (Applicable for Chrome devices) - For knowing the device state, whether active or not, including the duration the device was active. Recent Users Reporting (Applicable for Chrome devices) - For maintaining the list of users who have recently logged into the device.
Remote Command Execution	Specify whether the remote commands can be executed on devices or not. In case of data wipe, you can choose to either enable/disable it but in case of Remote Control, you can also leave it to the user
Policy Display	Configure whether the user can view this privacy policy or not. Users can also view the list of data collected and the purpose for the same. It is recommended to provide details regarding the data collected and the purpose for the same, on the Terms of Use distributed to the users.
Applicable Devices	Specify whether the policy is to be applied to corporate and/or personal devices.

In case of Lost Mode, the device location is tracked and security commands such as data wipe etc., get executed irrespective of the settings configured, as the user explicitly grants consent for executing Lost Mode.
It is also recommended to distribute the updated version of the Terms of Use policy, every time these settings are modified.

ManageEngine