Originally Posted by
evergrn
Whenever I'm off work, including all vacations, I need to have work access through my phone and laptop.
Few years ago, my company started requiring that I have this MobileIron app on my phone in order to continue to use another work-related app. The MobileIron app must be set to allow my employer access to knowing my device location.
For work access through my laptop, I found out today the Citrix software (which grants me access to work) can only be enabled if I allow permission for it to monitor my physical location.
So at this point, I have no way to work during my time-off without my employer knowing where I am. I feel like I should be allowed to spend my vacation time without my job knowing whe
Is this becoming a common practice? If so, what is this driven by? Is this somehow important to enhancing IT security? Or is it data collection by employers? Do you think it could be used to monitor employee compliance with the company's Covid-related travel restrictions?
It depends on how granular the device location service is set to. Regardless, they would have at least some idea of where you are as IPs can be mapped to (at the very least) country or province/state (and in some cases, even down to the city). This is all done without accessing a GPS (although if the IP mapping isn't updated by the owners of the address, it can throw things off). Mobile Iron is a mobile device manager (MDM) which would likely have access to the GPS of your phone.
Is this common? Increasingly yes. It really depends on your industry. In some cases, it is for the employee's physical safety... your employer likely doesn't care if you use your work laptop at the local Starbucks or other coffee shop as long as you follow the proper computer hygiene (eg, connect via VPN, use a screen protector, use data encryption, etc.). However there are several implications if you leave your "jurisdiction"...
- data security... I and others have discussed this multiple times... if you were to go to a country that is likely to surveil you (eg, China or Russia), your laptop/phone could become compromised or your connection might not be secure.
- tax issues... while unlikely, there might be tax implications for you or your employer if you work outside a zone you're not meant to (eg, your nominal workplace is in the US and you submit unexpected expenses for the UK... might raise concerns during an audit).
- data access laws... your company data might have "residency: requirements (common for sensitive data)... if you access it from outside the residence, you could be violating a law.
- physical safety... there are a few industries where your physical safety might be at risk. For the employee's benefit, the employer might need to know where you are or have the ability to locate you.
There are a few other scenarios (especially phone and physical location) that come to mind, but this should give you a good start. If you are concerned, I'd check with your IT or HR teams to see why this information is being required/collected (note this may be a sensitive topic to them but most good employers will explain their reasons).