Of all the technology trends affecting the workplace, few are as potentially powerful as BYOD. BYOD stands for Bring Your Own Device, a phrase that describes workplaces where employees use their cell phone or computer to access the systems, networks, and data of their employer, or where employers issue devices to employees to be used for work and personal purposes.
Most people don’t want to carry redundant devices, and it shows: Dual-use devices (used for professional and personal purposes) are everywhere. Recent estimates suggest that upwards of 82 percent of companies are operating a BYOD workplace (even if they don’t know it). BYOD is driven by the convergence of two important societal trends.
The first trend is the consumerization of information technology—the rise of individual consumers making personal choices as to what hardware, operating systems, platforms and services they use to accomplish tasks. The second major trend is the blurring of work time and personal time. Together, these two trends are making the incidence of employees performing work outside business hours and on their own devices more common every year.
Like many workplace innovations, BYOD has its upsides and downsides. Most companies embracing BYOD see an increase in both productivity and employee satisfaction. This makes sense when employees have the opportunity to perform work on the device, software, or platform they prefer. With a choice of digital tools, employees are able to select the ones that work best for them, and they are consequently more efficient and effective.
Employee satisfaction gets a boost as well, as employees feel valued and empowered by having input into the devices and applications they use to do their jobs. Some employers realize a modest cost savings, but in the vast majority of cases financial considerations are not significant enough to drive a company’s BYOD policies.
On the downside, BYOD can cause some serious challenges for employers, primarily in the areas of data security and employee conduct. On the data security side, companies that possess, access, or create data which must be kept confidential pursuant to state or federal law (like medical records or financial information) can run into trouble if that data is accessed by an employee on an unsecure network, or if the employee’s device automatically backs up protected data to a cloud. Oregon law requires certain companies that collect or store personal information to develop and implement a comprehensive, written data security program.
But keeping confidential consumer data protected is only part of the concern. Employers must contemplate how BYOD can impact and modify the employer-employee relationship. The presumption that many employers rely on and faithfully recite in employee handbooks – that employees have no reasonable expectation of privacy in information stored or transmitted using their employers’ devices or networks – is not necessarily true for dual-use devices.
Employers operating BYOD workplaces must be aware of laws that protect their employees’ data and privacy, like the Computer Fraud and Abuse Act and the Stored Communications Act.
Employee conduct is another area where a BYOD workplace can impact an employers’ exposure. For example, BYOD devices can create wage and hour headaches for a company with non-exempt employees. For hourly employees, work performed will have to be compensated even if the company did not authorize the work or outright prohibited after-hours work without prior approval.
If your company culture encourages or rewards employees who respond to emails after business hours, make sure that any time employees spend working is captured and compensated, including overtime – no matter where or when that work occurs.
Dual-use devices may also further blur the distinction between work and personal time in ways that can raise concerns for employers. Employees may engage in conduct or consume media on dual-use devices that would not pose a problem outside of the workplace, but that can cause significant problems within it. Employees may mistakenly believe that their ownership of a device entitles them to take greater liberties with it.
The adoption of dual-use devices may increase the likelihood that offensive, inappropriate, or explicit content is played or displayed in the workplace. The fact that offensive or harassing content is displayed on a dual-use device is not going to insulate the employer from liability.
The best way for employers to harness the benefits of BYOD while avoiding the pitfalls is to make affirmative decisions as to how BYOD policies will integrate into your workplace, and then consistently apply and update those policies. Depending on the technology and policy decisions a company makes, subtle revisions to many existing policies may also be required, including harassment, discrimination, safety, overtime, privacy, records management, and confidentiality policies.
Employers should be certain to adopt policies that reduce the expectation of privacy on dual-use devices, and should obtain employee consent to monitor all data transmitted on dual-use devices. Additionally, employers should obtain employee consent to remotely wipe the device, including any personal information, in the event it is lost or stolen.
Finally, all employers should prohibit employees from using devices while driving, especially while conducting company business.
As technology continues to impact how we work, it will increasingly impact our workplaces. In the tech-friendly Northwest, employers should put policies in place so that BYOD-related decisions are made thoughtfully and in advance, with the benefit of planning, and not in response to a crisis or complaint.
Damien Munsinger is an employment attorney at Barran Liebman LLP, where he trains and advisesemployers about a range of issues, including technology-driven changes in employment law and workplace policy solutions. Contact him at 503-276-2112 or dmunsinger@barran.com.
