All, To date, our policy regarding mobile devices (smartphones, tablets) is that intermingling of personal/business data is not allowed and that mobile devices that locally store county data must be owned/managed by county IT so we can enforce security. Currently, we only offer BlackBerry devices managed through BES. As you might expect, this policy leads to frustration for people who don't like BlackBerrys or who want a single, integrated view of their calendars/mailboxes/tasks. I tell them the policy is for their own protection, and that allowing county data to physically reside in their personal device's memory, intermingled with their personal data, has two important ramifications: 1) the safety of any sensitive county data residing on a personal device is entirely dependent on the inherent strength of the security tools available in the device, and the degree to which the user takes full advantage of those tools and uses them responsibly. In other words, data on personal devices may be more vulnerable to theft and if any county data is stolen via their device they may lose their job and/or be personally liable for not adequately protecting it. 2) the entire contents of a personal device, including all their personal data, could potentially be subject to mandatory disclosure as part of a public information request or litigation discovery. Theoretically, the personal stuff should be exempt from disclosure, but in practice if you routinely mix business and pleasure the courts may judge that you've waived your right to privacy and compel you to release everything. Some people never deal with sensitive county data (or think they don't), and don't have any personal data they fear disclosing. But for others data security is a huge concern, especially employees in HR, law enforcement, and health. I carry both a personal iOS device and a county-owned BlackBerry so I can maintain full separation of business/personal data. The alternative to a county-owned BlackBerry is to only access county email through a web client so that the data stays on county servers and never resides on the personal device. The first option forces you to carry two devices. The 2nd option requires an extra login step and sacrifices push notification of new work email/appointments. Neither is ideal, but they avoid the risks of intermingled data. How do you approach this issue? Best regards, Mark L. Decker CIO / Technology Director Jackson County, Oregon (541) 774-6023