Workspace ONE allows organizations to reach the perfect balance between User Experience, Security, and Privacy. As different privacy regulations go into effect globally, more and more customers are asking how Workspace ONE can help provide privacy and transparency for end-users. At VMware, we take end-user privacy very seriously. As a result, the Workspace ONE solution was architected from the beginning with privacy principles in mind. Whether you are managing corporate owned or employee-owned devices and supporting one or multiple platforms, the Workspace ONE solution can be configured to ensure all users and devices, regardless of use case, are protected. Let’s take a look at these different privacy features and how to configure them.
1. Privacy Officer Role
Many of our customers already leverage roles based access control (RBAC), a key tenant of our UEM solution. However, not everyone may be aware that there is a role specifically for the “Chief Privacy Officer”. Not every company has a dedicated privacy officer, but we are seeing that this role is being filled either as a function of Human Resources or Office of the CISO.
The Privacy Officer role controls access to the following policies:
Policy |
Permission Level |
Hub Overview | Read |
Device List View | Read |
System Settings | Read |
Privacy Settings | Edit |
For more information on how to effectively use roles based access control for different functions in your organization, please reference this guide.
2. App Privacy Notice
Workspace ONE mobile apps built by VMware on iOS and Android display a privacy notice to end users clearly articulating what is collected. This helps in transparently informing the user about what data is collected.
The privacy notice is broken into the following sections:
– App data collected: clearly lists the data collected by the apps in terms that the end user of the app can understand. We also articulate why the data is collected by listing the features or benefits to the user. Each app has this information and this cannot be changed by an IT administrator.
– OS permissions requested: clearly lists the operating system level access requested in terms that the end user of the app can understand. We also articulate why the data is collected by listing the features of benefits to the user. Each app has this information and this cannot be changed by an IT administrator.
– Customer privacy policy: IT administrators can configure a link to their privacy policy for their end users within the Privacy Notice. Follow the instructions on how to configure this in the guide linked below.
– Data sharing: End users can opt-in (or not) to share data on how they interact with the apps so we can improve the app experience. This data is analyzed in aggregate and we do not know individual users.
The App Privacy Notice is presented to users when they install or update the app. Users can also access it on-demand in the app settings menu. The App Privacy Notice is shown on all devices, regardless of whether they are using Mobile Device Management or Mobile App Management i.e. the notice is not dependent on an MDM profile pushed to the device – it goes with the app.
See this article for more information and learn how to configure: VMware Workspace ONE Mobile Applications Privacy Update.
3. Privacy Notifications
Administrators can provide a user-friendly web app or notification that provides end users with what data is collected from their devices based on their device type, deployment type, and ownership type. This dynamic privacy notice is used when an organization is deploying a mobile device management (MDM) profile, whether for BYOD, Corporate Owned, or even shared LOB devices. This can be deployed as a mobile privacy web app (webclip) automatically pushed to the user’s device, or as a notification using message templates.
For steps on how to configure these notifications, please reference the following guide
4. Privacy Learning
All of these features above are great, but how can organizations ensure that end users are aware of and understand how to leverage what is available to them? We have launched an end user facing website called WhatIsWorkspaceONE.com. This site not only educates users on how to use the privacy tools but also provides demos on how to best use the different Workspace ONE apps and services to increase productivity.
As organizations work to best understand the impact of new and improving Privacy regulations, Workspace ONE is at the forefront, defining privacy best practices for mobile apps.