With the tremendous growth in ownership of personal technology, bring-your-own-device (BYOD) policies are more common in the workplace today than ever before. While it is possible for a company to operate effectively while allowing their employees to use their personal computers and phones for work, it is vital to consider the potential pitfalls that come with BYOD policies. If you need help implementing a workplace BYOD policy, the employment law attorneys at Simon Paschal can assist you.
Security, Hardware Control & Rogue Devices
One of the main benefits of a BYOD policy is that employees are allowed to use their own preferred technology at work and they have access to these devices even during non-business hours. This also introduces the possibility that employees could choose to use “rogue” devices (such as a jailbroken mobile phone) which come with substantial security risks and can expose company resources to attack and malware and limit the confidentiality of company trade secrets.
Even employees who use standard devices pose a problem for the company in that IT has no control over what software and apps the user is loading, what they choose to store on the device, and the level of security each user employs.
Since it is not possible to monitor all employees’ personal devices, it is important to require stringent security measures on the applications your employees will be using for work. Make sure these applications are password protected and require a login each time they are accessed.
Those companies that can afford it may opt to develop internal applications that only employees are able to access, rather than allow them to utilize public applications such as those available online.
Data Privacy Compliance, Enforcement & Data Accessibility
Depending on your type of business, your organization may have to adhere to strict compliance requirements, such as HIPAA and the GLB Act, regarding data privacy. Compliance breaches can result in stiff penalties.
The potential for a breach rises exponentially when employees can access protected information on their own devices. What if an employee fails to appropriately protect private information when away from work, or inadvertently shares data with others? If an employee’s device is lost or stolen and the protected data is not secure, it is the company’s responsibility to ensure the data is not accessed improperly.
In some cases, a company must retrieve a piece of data from an employee’s device. What are the legalities of such a search? What if the IT department stumbles upon evidence of the employee’s illegal or unethical conduct?
What happens when an employee leaves the company? What data have they taken with them? If the IT department erases company data from a former employee’s personal device but inadvertently erases personal data along with it, what is the extent of the organization’s liability? These thorny issues should all be considered when creating a BYOD policy and explained in clear terms.
Productivity and Cost Concerns
Allowing your employees to bring their personal devices to work does mean that they will be able to access work apps and email away from work at any time. But it also means they can access their favorite leisure apps, games, shopping sites and streaming video services as well. So maintaining productivity may be a challenge. Your BYOD policy should include workplace restrictions on the use of social media, video streaming, and any other online activities you wish to curtail or prohibit.
In addition, with a BYOD policy and the ability of employees to work at any time from anywhere, employers must be aware of overtime issues. Nonexempt employees accessing their e-mail after hours or texting with co-workers or clients about work matters need to be compensated for such time. It can be difficult to track. Employers should have policies addressing work on these devices outside normal working hours.
Some BYOD policies allow employees to bring their own device, paying for the wireless service or reimbursing employees who pay for their own service. There are numerous horror stories out there about employees racking up thousands of dollars in roaming charges or expensing their whole family’s cell phone plan. It is absolutely essential that usage tracking be implemented if your organization is paying for employees’ wireless service.
In addition to this concern, depending on your ISP and pricing model, your employees’ personal use of the Internet at work could be quite costly if you pay by amount of data used. Again, it is important to think about tracking employee usage and including restrictions on personal usage of company bandwidth at work in your BYOD policy.
Create an Effective BYOD Policy
Your BYOD policy should address potential pitfalls such as security, rogue devices, compliance, data privacy, and acceptable Internet usage at work clearly, in writing, to ensure that everyone understands. Distribute the policy via email and include it in your employee handbook as well.
This post is merely an overview of the potential pitfalls of BYOD policies in the workplace and should not be considered legal advice. For more information on BYOD policies and how you can implement them safely and effectively within your company, contact the employment attorneys at Simon Paschal online or at 972-893-9340.