The Bring Your Own Device (BYOD) concept has revolutionized the modern workplace. With the growing popularity of the BYOD concept, it has become commonplace for employees to use their personal electronic devices instead of company-owned equipment to perform work.
Many companies now allow employees to access corporate data, including company email, using their personal cell phones, tablets, laptops and wearable devices. In fact, in a recent survey of companies of all sizes, three-quarters of respondents were already implementing or planning to implement BYOD policies in their organizations. Another survey found that 95 percent of large companies allow their employees to use their own electronic devices.
Allowing employees to use their own personal devices can greatly benefit employers. Implementing a BYOD policy oftentimes results in happier employees who feel more satisfied and self-sufficient. Productivity levels can also increase as a result of employees’ increased comfort and efficiency with using their own personal devices. At the same time, employers might see cost savings from spending less on purchasing, licensing and maintaining similar devices for their employees; however, there may be other associated costs.
At the same time, employers should be aware of the security risks associated with BYOD. Since the employee owns the personal device and not the company, employers may have little or no control over the personal device itself. Employers need to consider who else might gain access to their corporate data through an employee’s personal device and the ramifications in case of loss, theft or hacking.
Employers also maybe concerned that employees will be distracted by text messages, social media and other personal cell phone use.
BYOD also comes with potential legal risks. For example:
• Privacy. Even when there is a legitimate business purpose, employers might have limited access to the personal device due to an employee’s right to privacy and laws relating to computer access and electronic information.
• Wage Claims. BYOD might induce non-exempt employees to perform off-the-clock work (e.g., checking email), leading to potential wage claims for unpaid wages and overtime. Also, employers who do not reimburse the costs of the personal device might find themselves facing wage claims from non-exempt employees whose wage rates fall below the statutory minimum wage.
• Harassment/Discrimination/Retaliation. Oftentimes, it is better not to know what your employees are up to when they are not at work. For example, a personal device may contain information about an employee’s disability and that knowledge could be imputed to an employer simply by having access to the personal device.
To protect against these risks, start by conducting an assessment of your business needs and the resources available to determine if BYOD makes sense for your organization. If you decide against BYOD, make sure you communicate this policy to your employees. If you decide to allow BYOD, determine which employees will be allowed to use their personal devices, the types of personal devices that will be allowed, what corporate data can be accessed through these personal devices and what security measures you will implement to protect against the loss of corporate data.
Make sure your employees understand their responsibility in protecting the corporate data on their personal devices, as well as the consequences of using their personal devices for work.
For example, your BYOD policy might require employees to prohibit anyone else from using the personal device; install or refrain from using certain software, grant company access to the personal device, allow remote-wiping of the device or release ownership of cell phone numbers to the company upon separation of employment. If your corporate data includes highly sensitive information, you might restrict access from personal devices altogether.
You might also partition the personal device so that personal and work content stay separated. Make sure to incorporate measures to preserve corporate data on personal devices when employees leave the company or when the need arises in case of a lawsuit or other complaint.
Ultimately, craft a BYOD policy that works for your company. Develop and implement a BYOD policy that is comprehensive and effective by working together with your legal counsel, human resources and IT staff. If you have a unionized workforce, review your BYOD policy with your legal counsel to make sure it complies with the collective bargaining agreement.
Josephine Ko is an attorney at Barran Liebman LLP where she represents employers across Oregon and California in employment law matters. Contact her at 503-276-2102 or jko@barran.com