New Professional Member Special>>> Save $15 and receive a SHRM tote bag
HR professionals can play a key role in creating business efficiency—starting with their own department.
Save $15 on a Professional Membership and Receive a FREE Tote Bag.
Get the HR education you need without travel expenses or time out of the office.
We don't just visit a city, we take it over. Join us in NOLA -- June 18 - 21, 2017.
Taking a clear position on employee-owned devices is critical.
These days, most employers can’t keep pace with technology as nimbly as their workforce can. That’s why many forward-thinking companies are now adopting bring-your-own-device (BYOD) policies that allow employees to work on their personal laptops, tablets and smartphones instead of on company-issued equipment. The BYOD trend has been driven in part by Millennials in white-collar positions who have come to rely on using their own technology for both work and play.
While asking people to bring their own devices can lower costs and improve efficiency, effectiveness and morale, it also raises a host of security and legal compliance concerns. Fortunately, most of these concerns can be addressed through a well-crafted policy.
From the employee perspective, the biggest concern is that BYOD practices could lead to a loss of employee privacy. Workers may worry that their company will have inappropriate access to their financial and health data, as well as to their personal photographs, videos, contacts and other information—and that they could lose all that information if the company attempts to remove or “wipe” business information from the worker’s device, which typically happens after a person’s employment has concluded.
On the employer side, the primary apprehension is related to security. For example, personal devices might not have an automatic lock code or timeout function, and many people do not use passwords to protect their laptops, tablets and smartphones. Equally troubling are worries that employees may connect to their devices via unsecured Wi-Fi hotspots, share them with others or simply lose them. All of these possibilities raise the risk for the unauthorized disclosure or destruction of business data.
But other legal problems could crop up as well. For instance, allowing people to use their personal devices for work may make it easier for them to defame the company, their co-workers, customers, vendors, competitors and others or to unlawfully harass their co-workers or subordinates—whether via social media, texting or good, old-fashioned phone calls. Employees using their personal devices may feel more at ease to engage in such inappropriate activity than they would on company-provided equipment.
Moreover, if nonexempt employees are asked to use personal devices for work, the employer opens itself up to exposure under the federal Fair Labor Standards Act and state overtime and wage payment laws. Since nonexempt workers will have ready access to the technology, they will be in a position to respond to e-mails and text messages or to otherwise engage in work activities outside their scheduled work hours.
Expense reimbursement is another headache. Is a company obliged to pay for the costs incurred in connection with the use of a personal device for work? It depends on state law. For example, California Labor Code Section 2802 imposes broad obligations on employers to cover their employees’ business expenses, which could include at least part of the costs of a wireless voice and data plan if the employee is permitted or required to use a personal device for work.
Employers also face challenges in terms of ensuring that business records stored on an employee’s personal device have been saved long enough to satisfy electronic discovery requests during litigation. Failing to retrieve information stored on a worker’s personal device that should have been produced may lead to severe adverse consequences for the employer in the underlying litigation.
Key Policy Features
To address these challenges, employers should develop and disseminate a comprehensive BYOD policy. A good policy will take into account the concerns of both the company and its employees.
There is no one-size-fits-all approach. What works best for a particular employer will depend on the employer’s business, the available IT support and the type of data that needs protecting. However, there are some key features to consider when crafting your policy:
While BYOD policies raise some thorny issues, they can work well when employers balance security, compliance and privacy concerns. The key is being thoughtful and collaborative in your approach.
Paul G. Lannon is an attorney at Holland & Knight in Boston. Phillip M. Schreiber is an attorney at Holland & Knight in Chicago.
More from this issueHR Magazine homepage
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies