Not everybody has the talent to be a good author (I don't fool myself). Some writings get muddled, and some responders simply interject confusions.
The topic(s) of ‘data privacy rights’, why they are needed, and including who is subject to adhere to regulations concerning them, why they are subject, when they are subject, and the regulations themselves, all deserve to be logically discussed .. . .. .Because there ARE regulations. -Regulations concerning information that a person or other entity may hold [about] another person, or other entity, which, if obtained by an unauthorized 3rd party, could be used in an unauthorized manner. (If you legitimately [authorized] collect and save someone else's information, you have a responsibility to protect that information from unauthorized access, viewing, collection and\or use. And, generally, authorized for your use does not authorize you to authorize any other person or entity.)
The Ops’ title is: - “Employee-Owned Devices Muddy Privacy Rights”
- Business and Tech headlines lately are loaded with mentions about, and references to such things as, “Bring your own device to work(BYOD)”, “Commercialization of Corporate IT”, etc., etc., which talk about employees using their own devices to access work-related assets, for different reasons.
As is pointed-out in various comments above, the persons or entities that are subject to the aforementioned regulations are required to take ‘reasonable steps' to comply with those regulations.
It is NOT reasonable to ‘assume’ an employee’s personal device is and will remain to be ‘in compliance’ with the subject regulations, therefore, it is NOT a ‘reasonable step’ to openly allow employee-owned devices access to the internal information.
The computer systems we saw on television, Star Trek and the like, will one day govern us; but not yet.