Do your employees access work-related emails on their smart phones? Do you allow your employees to connect to the company network on personal devices? Do your employees store customer information or company documents on their mobile devices? If you answered yes to any of these questions and you do not have a Bring Your Own Device (BYOD) policy in place, you may be putting your company at risk.
With the proliferation of smart phones, tablets and laptops over the past decade, employees, employers and their customers have become accustomed to around the clock communication and information sharing. While this kind of constant connection and interaction can be beneficial to employee productivity, innovation and a company’s bottom line, if it is not controlled through a comprehensive BYOD policy, it can also lead to serious problems.
In its simplest form, BYOD refers to a policy where employees are allowed to use their personal mobile phones, tablets and laptops to access company information, networks and systems. A BYOD workforce can benefit a company in several ways. First, there are potential cost-savings to be realized by having employees use their own technology. If employees use their own devices rather than company issued equipment, the company may be able to reduce or displace some of its technology costs. Additionally, employees tend to upgrade their personal devices more often than employers, allowing a company to utilize better technology without having to incur the expense of updating its own system. Employees also tend to be more comfortable using their own devices and therefore are likely to be more productive. This is true not only during normal working hours but also afterhours when employees take their devices home. Convenience is also a benefit to a BYOD workforce. It is much easier for an employee to maintain one smart phone, laptop or tablet than to juggle multiple personal and work devices. Ultimately, for the majority of businesses, allowing employees to perform work using their personal devices is, to some extent, unavoidable. So instead of asking whether you should allow a BYOD workplace, the better question is how to manage a BYOD workforce and control the flow of information between company and personal devices.
There are risks to be aware of when implementing a BYOD workplace. Without a comprehensive BYOD policy in place to address security, privacy and the like, employers risk compromising their proprietary and confidential information and exposing themselves to a costly data breach. One common scenario where this problem arises is in the case of a stolen or lost smart phone or tablet. If your company does not have adequate protections in place, the worst-case scenario is that your company’s proprietary information could end up in the hands of a competitor or someone not authorized to view it. A similar scenario could also play out following a termination. If your former employee stored company information on his personal devices, that information is vulnerable to leak if sufficient safeguards are not in place. An employer can defend against these risks by adopting a BYOD policy that allows it to remotely wipe a device if it is lost, stolen or in the event of a termination and can also protect itself by requiring specific password protections on employee devices or by mandating the use of other mobile device management software.
Beyond the data risks associated with BYOD workplaces, there are also legal implications to be aware of when adopting a BYOD policy, the most common of which is privacy concerns. Assuming your company has a BYOD policy that allows it access to an employee’s device, the question becomes what information your company can store, access and view while maintaining the reasonable privacy expectations of your employees. While it is easy to tell an employee that he cannot access specific websites or send personal emails from a company issued device, such rules do not apply when employees are using their own technology. Employers need to carefully balance their right to protect company information with the rights of their employees to maintain a separate, personal life.
Another legal hurdle that arises in BYOD workplaces is the potential for overtime violations. While overtime issues can affect non-BYOD offices as well, the potential for these types of violations is more prevalent in the BYOD context because of the convenience factor. If your non-exempt employees are using their smart phones or tablets after hours to answer emails or review company documents, this time could be viewed as compensable and could translate to serious overtime violations if not controlled through a comprehensive BYOD policy.
Ultimately, if your company is going to allow employees to use their own devices for work related purposes, you need to adopt a BYOD policy that addresses your organizational concerns and puts safeguards in place to protect both the company and your employees. Additionally, you need to ensure your employees understand the policy and are cognizant of what they have to give up in exchange for being allowed to use their own devices. Together, a well-crafted BYOD policy and an educated workforce can help reduce the risks and legal implications faced when juggling the realities of BYOD workplace.
This article is for informational purposes only and should not be relied upon or construed as legal advice. For advice in connection with implementing a BYOD policy, you should consult with an attorney.
Layne Kamsler is an experienced employment attorney with the law firm of Hipes & Belle Isle, LLC, www.hbilawfirm.com, in Alpharetta, Georgia. In addition to drafting employee policies, handbooks, and contracts, Layne also has extensive experience with EEOC investigations and litigation.