If an agent's or officer's personal device were lost or stolen, would your IT team be notified? Do you trust your employees to be honest if an important database was manipulated because a family member using the BYOD device thought it was a different application? Do those using BYOD recognize what constitutes a data breach and what types of incidents should be reported?
Of course, these mobile threat detection and device management guidelines should be included in the LE BYOD policy, but that doesn't mean the employee will follow the directive. If the device is lost or stolen, they may not worry about the organization's security concerns; they may instead react to their personal losses. If there is another type of incident that is a clearer breach, they may be too afraid of the repercussions to come forward with the truth.
As previously mentioned, all BYOD and mobile device management policies should include clear language outlining the division between personal and work material on mobile devices. That way, when the worst-case scenario happens, there are no questions of responsibility. For example, the organization should have the right, and the ability, to remotely wipe any device holding corporate information. There should be a clear reporting policy without intimidation. Rules for working with an employee post-breach should be the same for both BYOD and department-owned devices whenever possible. An officer frightened of losing their job because they lost their phone may remain silent for as long as possible, which could lead to a greater risk of compromise for data and assets.