Legal Pitfalls to Avoid in Adopting a Bring Your Own Devices (BYOD) Policy

By lfsuser on October 23, 2014

60% of employees have recently reported that they use a personal electronic device for work. This is not surprising. It is probably safe to assume that almost every person now owns some form of a personal mobile electronic device. With the proliferation of these personal devices, people are increasingly using them for work-related matters such as checking work emails, making work-related phone calls, or drafting a document on a laptop or tablet. Employees use their personal devices to access confidential company data, contact customers, and store customer contact information onto their devices. Although problems do not arise in most instances, what happens when an employee quits or is terminated? What policies and practices do you have in place to prevent those employees from simply taking your confidential and proprietary information and giving it to a competitor or publicizing it in other ways?

Unfortunately, many employers have not adopted Bring Your Own Device (BYOD) policies to protect confidential information that is stored on their employees’ personal mobile devices. In many cases, employers do not adopt such policies until it is too late; until there has already been a breach of confidentiality by an employee. Below, we have listed a number of recommendations employers should take in implementing a BYOD policy:

  • Require your employees to immediately notify the employer if their personal mobile device is stolen, compromised by hackers, or stolen.
  • Notify your employees that any employer communication, documents, and information that originates on, is received from, stored on, or sent from a personal mobile device for the purposes of work-related matters is the sole and exclusive property of the employer.
  • Require your employees to password protect their personal mobile devices, to periodically change their password, and to avoid using unsecured wireless networks.
  • Require your employees to obtain written authorization from the employer to use their personal mobile devices for work use.
  • Require your employees to sign a written acknowledgement form confirming that they have read, understood, and agree to comply with the employer’s BYOD policy.
  • Once an employee has received written authorization to use their personal mobile device and they agree to comply with the employer’s BYOD policy, the employer’s Information Technology (IT) department should install software (known as Mobile Device Management software) that enables the employer to remotely wipe all work-related information from the employee’s device in cases where the device has been stolen, lost, hacked, or the employee has been discharged or terminated from employment.
  • Your BYOD policy should clearly define unacceptable uses of a personal mobile device (e.g., harassment, breach of confidentiality, engaging in outside business activities, storing or transmitting illicit materials, etc.).
    Unless they obtain prior written authorization from the employer, non-exempt employees should be prohibited from using their personal mobile devices for work use outside of regular work hours. Otherwise, the employer will be inviting a potential wage and hour claim.
  • In order to address any potential invasion of privacy claims, adopt a written policy notifying employees that they will have no reasonable expectation of privacy in any type of communication transmitted through the use of their personal mobile devices for work-related purposes.
  • In implementing a BYOD policy, employers should take into account the terms of any collective bargaining agreements or applicable national standards (i.e., U.S. Department of Transportation).

Despite the legal hazards that a BYOD program may present to the employer, studies report that allowing the use of personal devices for work-related matters increases employee productivity and satisfaction. The implementation of a strong BYOD policy ensures that the employer has instituted procedural and legal safeguards while also allowing employees the flexibility and freedom of using their own electronic devices to accomplish their goals.

Should you require any assistance in the drafting and implementation of a Bring Your Own Device policy, please do not hesitate to contact AGHW.

This document is intended to provide you with general information about legal developments. The contents of this document are not intended to provide specific legal advice. If you have questions about the contents of this alert, please contact Hannibal Odisho at 415-697-3463 or at hodisho@aghwlaw.com. This communication may be considered advertising in some jurisdictions.