By Sean Gallagher
The pervasive explosion in technology has blurred the line between the workplace and home. Nowhere is this line less clear than for employees who prefer (or are encouraged by their employer) to bring their own electronic devices to work. When personal computers first burst on the scene, most of the software necessary for handling work tasks was not readily available to individual users. For that reason, employees usually performed work tasks exclusively on their work computer. However, now that many work tasks can be easily performed on a personal computer, tablet, or smartphone, employees are naturally inclined to use their own electronic devices for personal as well as work-related tasks. Similarly, many companies recognize that it is cost-effective to allow employees to bring their own devices into the workplace to perform work function. A recent survey found that eighty-four percent of employees use the same smart phone for work and pleasure. But employers who allow employees to use their own devices at work need to be mindful of potential security and other risks caused by such a practice.
It is important that employers who permit employees to use their own electronic devices at work have a policy. A BYOD policy should, at a minimum:
· Identify who may participate.
· State what devices are covered.
· Define permissible and impermissible uses of devices for work purposes.
· Alert employees to the potential pitfalls of using personal devices for work.
· Set the company’s expectations for employee behavior while using the device for work.
In addition to having a BYOD policy, the company also needs to have plans in place that allow the company to maintain data security over proprietary and trade secret information that is stored on personal devices, and that protects the company's computer network from malicious software that is loaded by use of a personal device.
Additional BYOD risks:
Lost Devices: A device which is lost or stolen can present a significant risk to an employer, especially when that device contains confidential or proprietary business information. Fortunately, software is readily available that allows employers to remotely wipe or erase a device in the event of loss or theft. But because the use of such a wiping program might affect the employee’s personal data on the device, employers need to have policies in place that make employees aware of the risks of using their devices at work.
Malware: Personal device could become infected with a virus or malicious software (malware) which might infect other devices or systems at work. Employers need to be careful to ensure that personal devices that are plugged into the company computer network are scanned for malware or viruses.
Social Media: Because Facebook and LinkedIn have become so ubiquitous, many employees blur the lines between personal communications and company related communications. Indeed, many employees use their company email address as their primary email address for Facebook or LinkedIn. When employees blur the line between their personal life and their workplace life in that way, it is natural that people reading social media posts also blur the line. For that reason, companies are well advised to adopt a social media policy that explains to employees what is and is not permissible with regard to use company devices or company email addresses for social media.
Document Preservation: Finally, when companies allow employees to use personal devices at work, both the employer and the employee need to be aware that this practice could subject the employee’s personal device to discovery in the event of litigation. For that reason, it is important that a company have a policy in place that all employees sign that alerts employees to the fact that the use of a personal device at work might make those devices subject to preservation and discovery obligations under Federal and state court rules.