BYOD Legal Issues
Best Practices To Follow
The pervasiveness of employees accessing corporate data and apps on personal devices can’t be ignored. Leading enterprises are adopting bring your own device (BYOD) policies, often resulting in increased employee satisfaction, enhanced productivity, and potential cost savings.
Although BYOD is often seen as a positive addition to an enterprise, there are also numerous legal issues that can’t be neglected. To understand more about these BYOD legal issues, Enterprise Digitalization enlisted help from attorneys who are familiar with these matters.
Security And Privacy
Security remains the utmost concern for managing devices in a BYOD environment. Escalating those matters are legal complications, because the enterprise remains liable for loss of sensitive personal information.
“If a company allows its employees to access private/personally identifiable data through their personal devices, that employer will be responsible for any data breaches that result therefrom,” said Scott Altes, a lawyer with Fennemore Craig Attorneys who specializes in subjects such as data security. “This can of course include issues relating to lost or stolen devices and issues caused by viruses and malware, as well as other scenarios in which employee devices and the data accessible through such devices may be compromised.”
According to Altes, minimizing those security risks rests on an enterprise’s ability to enact strict requirements, such as mandatory use of complex passwords, encryption, employee security training, device usage restrictions, and software that can remotely wipe a device in case of a breach.
Even if security concerns are mitigated, there are still privacy issues. Without the use of a robust solution, such as containerization or dual personas, it is possible that an employee’s personal data may be at risk when a device is wiped.
“Employers must also consider their own employees' privacy rights that may be implicated when devices contain both employer information and data and an employee's own private information,” said Altes.
Corporate data on a personal device could also present a legal nightmare. It is one of the many issues that must be clarified, especially when an employee’s relationship with the company ends.
“An employee that brings their devices to work and then quits or is terminated may have company data on their personal phone,” said David Reischer, attorney and CEO of LegalAdvice.com. “This raises questions of to whom does the information on their personal devices belong? An employer should implement a policy that does not allow for employees to download any company information onto their personal devices.”
Personal Device Usage For Work-Related Activities
In addition to the security and privacy issues, there is a host of other legal considerations for BYOD. For example, there can be liability for employers when workers use personal devices while operating heavy machinery.
“An employer may be vicariously implicated in the event that they fail to manage and monitor how employees are using mobile devices while driving,” said Reishcer. “As such, an employer that wants to limit legal liability as much as possible should institute a risk management program to enforce a no cell phone use policy while operating heavy machinery or engaged in activities that put other people at risk.”
There are also potential violations of the Fair Labor Standard Act (FLSA), which mandates overtime pay for non-exempt workers if they spend more than 40 hours a week on job-related tasks. This kicks in if a non-exempt employee uses their own personal device for work-related tasks, which also includes leveraging personal devices outside of the workplace and beyond the normal work day.
“If a non-exempt worker is excessively checking work related emails or doing work on their personal device above the 40 hours required by law, an employer may be in violation of the FLSA,” said Reischer.
In the end, it recommended that BYOD policies address potential legal loopholes before they become problematic.
“Businesses should be aware that devices used by employees to perform work-related functions create additional obligations and potential issues with respect to document and data retention and legal holds, as well as discovery in legal proceedings,” said Altes.
In order to reap the benefits of BYOD while minimizing potential risks, Altes suggests that organizations seek professional legal assistance in order to ensure that polices and practices are compliant with the law.
Read more about best practices for setting up a BYOD policy.
Special thanks to HARO (Help A Reporter Out).