As more and more employees are using their own mobile, electronic devices for work, employers must recognize and address the many issues that arise from this practice. Today employees typically own three separate electronic devices (smart phones, tablets and laptops), which all potentially can be used for work. In the very near future, e-mails and other work-related information may be viewed and exchanged through Google glasses, smartwatches, smart cars and even smart homes. One estimate indicates that by next year, there will be over fifteen billion electronic devices in existence.
What happens if one of these devices that contain an employer’s important business information is lost or stolen? What happens if an employee is terminated and refuses to remove company data from their device? Who owns the phone number or LinkedIn site that an employee has used to amass significant contacts with the employer’s customers and clients? Does checking e-mails at home constitute work for which an employee must be paid? Are employee-owned devices subject to discovery in the event that litigation occurs? All of these are important questions that an employer must address in a comprehensive BYOD policy.
WHY ARE COMPANIES ALLOWING EMPLOYEES TO BYOD?
The simple answer to this question is that employees are asking to BYOD. Employees enjoy the convenience of using their own personal devices, which eliminates the need for an employee to carry multiple devices. BYOD also improves employee efficiency. Employees are readily available, are always reachable, and can work anywhere at any time.
Some claim that a BYOD policy also reduces employer costs. Employees provide all of their own devices and all of the accessories that go with those devices, while the company provides only IT support. However, employers must monitor the cost associated with the BYOD policy. Who pays for the employee’s data plan? Is there an increase in IT and help desk support costs associated with employees bringing their personal devices to IT for repairs or updates?
BYOD policies must address the two primary issues that concern employees. The first involves the loss of any expectation of privacy when an employee uses personal devices for work. These devices need to be accessed by employers, and such access can reveal personal, financial, or even health information about the employees.
Another area of employee concern is the potential for loss of information. Employers must have the ability to secure confidential and proprietary information that may be contained on employees’ personal devices. In this process, access and the ability to remotely delete such information may cause damage or the deletion of personal information belonging to the employee.
The employer’s concerns with regard to a BYOD policy are many and change as fast as new technology changes the way in which these devices work.
Employers must address the security risks associated with protecting trade secrets and confidential business data. Protections may include internal firewalls that prevent the combination of company data with personal employee information; password protections; and the ability to remotely lock or wipe this information from employee devices.
Employer policies on harassment and/or hostile work environment must also address the use of these personal devices.
Employers must take into account the possibility that the company data on employee personal devices will need to be preserved and accessed in the event of litigation. Electronic discovery is potentially an enormous cost, which only increases with the number of devices that contain this information.
Finally, the ability of a BYOD policy to allow an employee to work any time at any place must be specifically addressed for non-exempt employees. These employees get paid for all of the time that they work. BYOD policy must address the issue of potential “off the clock” claims and must clearly set forth the company’s policy that prohibits employees from using their devices to answer e-mails or to do other related work after their normal working hours.
A well-crafted BYOD policy requires the coordination of a variety of company resources. Human Resources must ensure that the policies are coordinated with company handbooks, other personnel policies, and in the company’s termination process. The company’s finance group must monitor the policies to make sure that the cost of a BYOD policy is truly worth the benefit. The company’s legal advisors must ensure that the policy specifically addresses privacy, harassment, wage and hour, and other legal concerns. And finally, the company’s IT group must be actively involved in making sure that company proprietary information is always being protected.
While there is “no one policy fits all” template for an employer to use in adopting a BYOD policy, the following considerations should be addressed in every BYOD policy.
The BYOD movement is not only here to stay but is increasing every day. Employers must stay ahead of the constantly changing issues associated with BYOD practices by adopting appropriate work policies, by monitoring these practices on a frequent basis, and by keeping apprised of the changes in technology as they occur, so that their policies and practices can be updated accordingly.
This information should not be construed as legal advice, and readers should not act upon it without professional counsel. It was originally written by Patrick T. Collins of Norris McLaughlin & Marcus, P.A and is reused here with Mr. Collin’s permission. If you have any questions regarding the information in this alert or any other labor & employment matters, please feel free to contact him.