BYOD (‘Bring Your Own Device’) to Work: Defining the lines between protecting employer information and managing employee privacy expectations

Reports show that fifty percent (50%) of employees access work-related information on personal devices. A number that researchers say will continue to grow at a rapid pace over, at least, the next five years.

Who owns the substance of what is created on the technology used by employees? Does it matter if they use a company-owned device or their own personal device?

Whether your company expressly encourages employees to integrate personal devices into the workplace or not, employees ARE doing it. Everyone is doing it. Why? Because it’s just plain easier; no need to carry multiple phones, juggle multiple tablets or lug the company owned laptop from the office to home. Employees often work more efficiently with a device they’re comfortable with, which means increased productivity for the employer. But, providing employees with unfettered control to comingle company information with personal information, and vice versa, can be costly for employers, making it all the more necessary to implement a ‘Bring Your Own Device’ policy in the workplace.

First, it’s imperative to understand the importance of striking the proper balance between protecting company information and preventing the up-rise of employee privacy predicaments; make sure management understands the laws related to privacy, electronic information and liability. Second, decide whether you want to allow employees to opt-in and out of the BYOD program. Third, educate employees and staff about the BYOD policy including, reasonable expectations of privacy in the devices and procedures upon separation. Make sure your BYOD policy appropriately addresses the following questions: What procedures are in place when an employee separates, losses their phone or is suspected of misappropriating confidential information? What policies are in place to ensure non-exempt employees are not working overtime when using the device after hours? What training and education have been provided to employees handling recycled devices that contain personal information?

At a minimum, your BYOD Policy should:

1. Clarify who owns business communications regardless of what device is used;
2. Define the employees’ limited “zone of privacy” in the devices they use;
3. Comply with the laws related to privacy and electronic information including the Stored Communications Act (SCA);
4. Have employees acknowledge that they must turn over and give their employer the right to access business information of the Company;
5. Outline the procedures to be followed to program the device to keep personal and work information separate;
6. Inform employees about the company’s ability to access information on the device, track the device and/or wipe the device clean if it is lost or stolen;
7. Disclaim liability associated with the potential loss of personal information;
8. Require that employees follow regularly scheduled back-up procedures;
9. Explain that it may be necessary for the Company to access employees’ devices in response to litigation e-discovery or company or forensic investigations;
10. Implement security measures with passwords, data-encryption, prohibition against using unknown Wi-Fi, locking the device after a period of inactivity, etc.;
11. Instruct non-exempt employees to not use company technology and to refrain from accessing work apps and software after hours absent prior written approval and to record all time spent doing so;
12. Protect proprietary and/or trade secret information both during and after employment ends and follow methods to prevent IP theft and to prove that safeguards were implemented so that the Company can prosecute instances of misappropriation;
13. Prohibit employees to text and drive (or engage in any other dangerous activity);
14. Obtain written acknowledgement of your BYOD policy; and
15. Outline procedures to follow to clean a device when an employee separation occurs.

The Schwarzberg & Associates Employment Law and Compliance Team can help you create a BYOD Policy to fit your needs. We have extensive experience in developing effective policies, procedures and proactive responsive measures to deal with a myriad of workplace issues. Please do not hesitate to contact one of our members; Steve Schwarzberg or Lisa Kohring at (561) 659-3300 to obtain more information about our firm and its various employment law compliance and defense services.