Don’t Overlook Legal, Privacy Issues

By Dave Zielinski Feb 1, 2012

February CoverAllowing employees to use their own mobile devices for business purposes has many benefits, but the practice doesn’t come risk-free. There are data confidentiality, security and privacy issues that managers must consider before implementing bring-your-own-device policies, says Philip Gordon, chair of the privacy and data protection group at Littler Mendelson, a Denver law firm.

Gordon says organizations should require participants to sign a legal agreement. Provisions might include the following:

The company is permitted to install a package of technical safeguards on dual-use mobile devices that employees can’t modify. Those protections might include data encryption, remote “wipe” capability to destroy information on the device if it’s lost or stolen, automatic lockdown of the device after short periods of inactivity, and password protection.

The employee’s device will be subject to monitoring when connected to the corporate network, and employees will provide access to the device if needed as part of any government investigation or litigation. This clause should note that the company might incidentally gain access to personal information. 

“If employers don’t first obtain employee consent … they are at risk of either an invasion of privacy claim or a computer trespass claim,” Gordon says.

The employer can remove any company information from the personal device when the employment relationship ends. “If the employee doesn’t cooperate, the agreement should state that an employer can then activate a remote wipe command,” Gordon says.

The author is a freelance writer and editor in Minneapolis.


Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect