IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
There is a liability issue, not just for smartphones, but for any computing device that is potentially out of the controlling reach of the IT department's security people. Just for starters, use of devices off of company premises, without proper oversight, could lead to the archiving protocol being breached. You may for example, have a great system for archiving, but when that system can't connect to certain devices, you start to have orphaned documents all over the place. That could lead to a liability issue later on if a discovery order comes up.
Not sure what happened to my original response. In any case....There is no right answer to this question. I will say however that regardless of who owns the device.....if your employees are going to be accessing corporate information on their mobile devices (and that most certainly includes email), then you MUST manage and secure the devices. ActiveSync does provide some baseline protection, but there is so much more that can/should be done. You can read a lot more about this at the enterprise mobility forum.
The term personal liability means that a firm's employees are allowed to use their personal mobile devices (notebooks, handsets, tablets, etc.) on the enterprise's network. The benefits are many: users need only carry one handset, for example, and there's no need for the company to spend massive amounts of money on rapidly-depreciating capital equipment. Companies can save on operating expense as well, as users are responsible for device purchases and their own carrier bills, with reimbursements or subsidies used as compensation for business use. The obvious drawback, though, is that support costs can be higher, given the potentially huge diversity of the resulting equipment base, and there is the potential for compromise to both security and the integrity of the corporate network.
The challenges can be largely addressed, however, via the rapidly emerging field of mobile device management (MDM). MDM products and services are available from at least 50 companies at present, and capabilities are expanding al the time. It's still important, of course, to have both security and acceptable-use policies in place, as well as a separate agreement with staff who use their personal devices on corporate networks. While this approach is not going to work in every situation (a case can be made for corporate liability in many environments), personal liability really is a major trend today, and more often than not a win-win for both the company and staff.