An organization's information can be put at risk when staff begin to bring their own devices and use them in the workplace. As a result, in such cases, an organization should consider adopting an appropriate bring your own device (BYOD) program to seek to manage the risks inherent in such activity. Written by Martin P.J. Kratz, QC, Michael R. Whitt, QC, Stephen D. Burns, J. Sébastien A. Gittens and Graeme S. Harrison and published in Canadian Privacy Law Review.