- BYOD Requires BYOB: How to Handle the Challenges Inherent in a "Bring Your Own Device" Program
- March 12, 2014 | Author: Susan Bassford Wilson
- Law Firm: Constangy, Brooks & Smith, LLP - St. Louis Office
By a show of "Likes," how many of us have ever checked our work email or made work-related phone calls on a personal smartphone? Or drafted a document on a personal computer or tablet?
All of us. Recent studies indicate that more than 60 percent of employees report using a personal device for work. Perhaps that is why many companies are moving toward a bring-your-own-device program.
A BYOD program is one that allows, encourages, or requires that employees use personal equipment to perform the job. The advantages of the BYOD system include increased employee satisfaction, increased productivity and the potential to lower technology and training costs because employees are able to choose technology with which they are already familiar and comfortable.
However, hazards exist. The BYOD movement continues to blur the line between the personal and the professional, leaving many employers and employees unsure of their practical options and legal obligations. Here are some of the issues:
Data Security and Document Control
Inherent in the BYOD movement is the reality that confidential information such as trade secrets and sensitive employee data will be stored on personal devices. Is that information being appropriately protected if your employee allows his four-year-old son to play on his phone, or lends his tablet to his teenager on a road trip?
Further, mobile devices can easily be lost or stolen. The use of unsecured networks can also present a security risk to the company's information even if the employee is not actively transmitting or accessing company data. Additionally, how should a company ensure that all work-related data is deleted when an employee quits or is terminated?
Many of these challenges can be resolved - or at least limited - by implementing clear policies and using appropriate software. "Containerizing" work-related information helps to protect it by segregating it from the personal information on the device. Employers should also require employees to follow security procedures such as mandating a password on every device containing company information and avoiding unsecured wireless networks. Employers should also consider installing mobile device management (MDM) software, which allows the employer to manage the work-related information on the device and allows remote "wiping" of work-related information in the event of a lost or stolen device, or the termination of the employee's employment.
Off-Clock Work and Other Wage-Hour Issues
Providing a non-exempt employee with a mobile device on which she can check work-related email or exchange text messages with supervisors invites an off-clock-work suit because many employees will perform these tasks away from the workplace and after their regular working hours. One possible solution could be to instruct non-exempt employees not to check or respond to messages after their regular work hours. If you choose this solution, though, be sure that your managers and supervisors are aware of it and comply with it. If an employee's boss sends an email after hours, it is hard, if not impossible, for a good employee to ignore it.
Another strategy could be to restrict the BYOD program to exempt employees, but this may not be practical. In any event, compensation issues may exist even for exempt employees, if they are on unpaid leaves and use their devices to perform more than a de minimis amount of work while out.
Practically speaking, the easiest way to prevent non-exempt employees from working after hours on their BYOD devices might be to restrict their server access after hours.
Another question a company must evaluate is who pays for the device, or for the monthly service? It may be appealing to simply require the employee to pay for everything, but doing so could effectively cause some employees to earn less than the minimum wage. Further, requiring employees to foot all of the bill could have a negative effect on recruiting and morale as well as the company's ability to enforce policies related to such devices.
"Sexting," Lawsuits, and Litigation Holds
A 2014 study reports that more than 50 percent of adults admit to "sexting" or storing intimate data on mobile devices. That's merely one example of the ways that company access to employees' devices can provide more information than the company may want, including access to information about protected characteristics, such as religion, sexual orientation, or genetic information. Further, an inappropriate comment posted on a social media outlet, such as Facebook, may be used as evidence in a lawsuit against the employer, particularly if that comment was made on equipment used for work.
Finally, when a company is involved in litigation, it has a duty to preserve any document in its possession that might be relevant. If there is work-related information on an employee's personal laptop, is it in the company's possession?
A clear policy that sets forth requirements and consequences is invaluable. Additionally, any company with a BYOD program will want to track the use of BYOD devices to ensure appropriate document preservation.
Company Liability for Employee Conduct
Distracted driving is a prime example of the potential for company liability in a BYOD context. In 2012, a Texas jury awarded more than $21 million to a woman who was injured when her car was broadsided by another vehicle driven by a Coca-Cola marketing employee who was on a business call on her hands-free cell phone. Coca-Cola policy prohibited use of hand-held phones but not hands-free phones. The jury's award included $10 million in punitive damages against Coca-Cola. Although the case did not concern a BYOD device, the use of such a device could provide another potential path to company liability.
As with any cell phone use, employers should have strong policies and employee training on the use of cell phones while driving. Further, employers should ensure that they take into account the terms of any applicable collective bargaining agreements, or applicable national standards (like those of the U.S. Department of Transportation).
In sum, the first step to a successful BYOD program is to create a plan based on your company's needs, culture and goals. As we have previously suggested, this should be a joint effort by your company's legal, technical, and business teams. Then create a clear, written policy that addresses problematic issues before they arise in light of practical and legal considerations. Have employees sign off on the policy, and provide training as needed. Taking these steps should help to ensure that your "BYOD" policy does not leave you wanting to BYOB.