A frequent way of lowering IT costs these days is by allowing employees to use their various electronic devices – SmartPhones, tablets, laptops, etc. – to conduct company business. At initial glance, this seems like a win-win situation for everyone.
The company gets to save money because it isn’t purchasing as much IT equipment anymore and it isn’t having to chase after the popular manufacturers and the latest technology. A side benefit is the IT department doesn’t have the headache of listening to people gripe about the selections made.
The employee gets to have the convenience of only using one device (or a small number) to conduct his or her life, in a world where the barrier between work and private life seems increasingly blurred and indistinct.
The problems, of course, arise in the day-to-day. Let’s talk through just a few I’ve encountered in my practice:
The company hires a new sales director. She offers to use her personal smartphone to save the company money. This means that the phone number she’ll be using to conduct company business is her own personal number. She owns it. And now all the company’s key clients know to call her when they need something. Two years later, she gets a new job offer and switches to your competitor. The number all your key clients have follows her to her new company and there’s nothing you can do to stop it.
A senior executive of your company goes rogue. He begins engaging in illegal activity. You are conducting an internal investigation and you need to see his calls and text messages to external parties. You try to obtain the telephone records but the phone company refuses to provide them – it’s not your account.
Your junior employee is working on a key project for the firm, handling a great deal of sensitive information and trade secrets. She’s using her tablet as her work hub, including all the notes of key stakeholder meetings. Despite your data protection policy, she did not do even the basics to secure her tablet, including setting a passcode. She loses the tablet on the subway and now your data is out there unprotected.
Your flexible work policy allows your accounting manager to work remotely a few days a week. To escape his hectic home, he goes to the local coffee shop and uses its free wireless access there. Unfortunately, it’s not a secure network and the stranger beside him has hacked into his laptop, obtaining all your clients’ credit card information.
The CEO’s secretary begins accessing her emails on nights and weekends from her personal smartphone in order to be more responsive. Unfortunately, she’s a non-exempt employee under FLSA and she doesn’t put in for the hours worked. During a routine DOL audit, a large deficiency is noted in her hours worked versus paid and the company is hit with a fine.
Litigation commences around a particular department in your company. All employees who’ve worked on a certain product are having to turn over records (both physical and electronic) with respect to claims made about its performance. Making this discovery more difficult is that all of the employees have been using personal devices. Several actively resist turning over their devices for even a limited period of time for the company to sweep them for relevant information claiming it’s an invasion of their privacy. Others have had several devices during the relevant time period and didn’t migrate all the files to each new one.
As you can see, with new technology and new choices come new problems. One way to help mitigate those issues is through having a comprehensive corporate policy. These are often referred to as “Bring Your Own Device” (BYOD) policies.
A few items you will want to include in your BYOD:
- What type of devices can people bring (i.e., smartphones, tablets, laptops, etc.)
- What types of data will be allowed to be accessed
- What type of employees can bring in devices (e.g., exempt only, non-client facing, etc.)
- What technology will be used to segregate company data from personal data)
- What is the company’s right to monitor, access, sweep and delete data
- What data protection requirements will be enforced and how monitored
- What right to privacy can your employees expect
Whether you’ve already let your employees use their own devices or you are considering it, you should consult with a qualified attorney in your jurisdiction to assist you. She can help you navigate the pitfalls, coordinate between your IT and HR departments, and draft a policy that addresses your needs. Make using personal devices truly a win-win.