Mobile device management in an age of paranoia

13.01.2011

Let's say that instead of a drug dealer, the victim was a doctor, arrested for speeding. (Doctors never speed, right?) And let's say instead of searching a text message string, the officers looked at Protected Health Information (PHI) on the doctor's mobile device — and uncovered a list of patients under treatment for, say, AIDS.

The potential consequences to the hospital are devastating: Not only must it inform patients of a privacy breach (an effort which can, by itself, cost millions of dollars), it may also face fines and legal action for allowing the information to be revealed in the first place.

Worse, options for protection are uncertain. One solution is to require password protection and encryption of sensitive data — but it's unclear at present whether the law requires the arrested individual to enter the password. And what if the device contains automatic links to confidential websites -- in other words, the information that can be accessed resides in the cloud rather than on the device itself? Does law enforcement have the right to view such information? The law doesn't say.

The bottom line? The time to think about managing and protecting mobile devices is now. And your strategy should include appropriate encryption, authentication, and the ability to wipe devices instantly in the event of a breach -- even if that "breach" is created by law enforcement.

Johnson is president and senior founding partner at Nemertes Research, an independent technology research firm. She can be reached at johna@nemertes.com.