The holidays are coming up and your employees may be getting that coveted new tablet, smartphone, or other mobile device from their Christmas list. Employees increasingly wish to use their own devices, whether it be to use their preferred hardware, operating system, or merely to avoid carrying two or more devices for work and personal use. Does your company have a policy in place to govern the use of such devices for work purposes?
A carefully drafted Bring Your Own Device (“BYOD”) policy can help address the concerns and risks to employers and employees implicated by use of mobile devices at work or outside of the workplace. Below are some of the common issues that can be addressed by a BYOD policy:
- rules and expectations regarding the types of information that may be stored or accessed on the device
- privacy expectations for employee information and business information
- implementing appropriate security safeguards to protect confidential information
- employer liability for an employee’s wrongful use of a device
- financial reimbursement and technical support
- issues with the device and data when an employee leaves or is terminated
- potential wage and hour issues for nonexempt employees
- consequences for noncompliance with the policy and interaction with an employee handbook, a social media policy, or an information technology and communications systems policy
When considering drafting a BYOD policy, it is important to identify the key concerns and expectations of management, employees, and customers or clients of your business. After identifying those concerns, a BYOD policy should be drafted in a clear, concise manner so that everyone involved understands their rights and obligations under the policy.
Here are just a few examples of ways in which employees or executives can put your company at risk in the absence of guidance from a BYOD policy:
- A high level manager leaves his iPad in a shopping cart on Black Friday – it contains company emails and attachments with confidential information. The iPad does not have a passcode because he “rarely takes it out of the house”.
- Your social media marketing guru accidentally posts inappropriate for work comments and photos using the company Facebook account instead of her personal account.
- Your diligent administrative assistant, a nonexempt employee, spends 45 minutes of her son’s swim meet returning emails that she wasn’t able to get to before she rushed out of the office. Because she isn’t in the office, the time worked never shows up on a time sheet or pay stub.
- Your controller goes to dinner with his family. While they are waiting for their meal he sends a few emails to an accounting clerk regarding some budget information and then hands the phone to his six year old who accidentally forwards the emails to other contacts outside the organization.