Need Legal Help? Call Now!

Many employers now either expect or permit employees to use their own electronic devices – smartphones, tablets and laptops — for work.  For company purposes, those devices need access to the company network and vice versa.  It seems very much a part of an open information culture and the trend toward blending professional and personal lives.

There can be advantages for both sides. Employees would very often rather use their own devices.  Employers would also probably be just as happy to skip the hassle and expense of buying, issuing, tracking and maintaining a lot of company equipment.

But simplifying the chore of equipment management may complicate information security. BYOD has significant implications for the security of employer data and the privacy of the employee communications. It may not be the right choice for every situation.

How to Handle Employer Security

Of course, employers should hire carefully.  Any employee with access to data can steal it or misuse it, even without electronic assistance. It’s just easier that way.  The other concern with a BYOD policy is inadvertent damage.  An employer must also be concerned with the possibility that employee-owned devices may be infected with viruses or other malware that could in turn infect the network.

For purposes of protecting the employer’s network and data, a BYOD policy should

  • Spell out which specific devices and operating systems the company will support.
  • Require that all devices be password-protected.
  • Determine which functions – email, Word documents, etc. – employees can access from their mobile devices.
  • Limit access to data in a way that is appropriate to the employee’s job.
  • Establish an antivirus software policy.
  • Consider whether some data should be encrypted.
  • Develop a procedure for employees to report suspected data breach incidents.
  • Develop a response plan in the event of a breach, which may include remote data wiping.
  • Ban any outside applications that cause extra security concerns, and
  • Reimburse employees for authorized costs, which should be spelled out in advance.

What About Employee Privacy?

The flip side to this issue is that employers and employees should both be concerned about the privacy of employee communications, especially when employees are using their own electronic devices at work.  Will communications using the company network be monitored?  If so, employees should be clearly informed, so that they do not act with an inaccurate expectation of privacy.

Questions about the use of social media can become even more complicated. What if an employee is encouraged or expected to post company information on a personal site. Who owns the site when the employee leaves?  A written agreement may prevent litigation.

Both employers and employees should also be aware of three potential situations that may require employers to disclose data on an employee’s personal device. These include an investigation of a security breach, a discovery demand in civil litigation or a criminal investigation. Personal e-mails and images, even though not germane to the underlying issue, can be swept up in the compelled disclosure.  It is a chilling thought, and not entirely within the control of either the employer or employee.

So is BYOD a good idea or not?  It may be an important part of company culture. Protecting employer data, however, may require some additional security protocols. Protecting employee privacy is largely a matter of disclosure and education about expectations and risks.

Protect your business with an on demand legal team

Learn More About General Counsel Select
Legally Sound | Smart Business
A podcast covering business in the news with a legal twist by Pasha Law PC
Legally Sound Smart Business Cover Art

Legally Sound | Smart Business covers the top business stories with a legal twist. Hosted by attorneys Nasir N. Pasha and Matt Staub of Pasha Law, Legally Sound | Smart Business is a podcast geared towards small business owners.

Download the Podcast

Google Podcast Subscribe Apple Podcast Subscribe

Ready to discuss representation for your business?

Pasha Law PC is not the typical law firm. No hourly rates and no surprise bills are its tenants. Our firm's approach is an ideal solution for certain select businesses.

Give us a call at 1-800-991-6504 to schedule an assessment.

or

Fill out the form assessment below and we'll contact you promptly to find the best time for a consultation with a Pasha Law PC attorney best suited for your business.

Please provide your full name.
Please provide the name of your business.
Please provide a valid email address.
Your phone number is not long enough.
Please provide a valid phone number.
Please provide a zip code of your business.
Please provide a short description of your business.
Please provide the approximate number of employees of your business.
Please provide the approximate number of years you have been in business.
X