Bring Your Own Device (to Work): Benefits and Challenges

July 25, 2018 | David Tsai, Vivian Hua

Mobile devices are pervasive – indeed, it is becoming exceedingly rare to find a workplace that does not incorporate the use of mobile devices in its day-to-day operations in some fashion.

While there are several ways companies can integrate mobile devices into the workplace, a popular trend is to allow employees to use their own personal device for work-related matters under a “Bring Your Own Device” (“BYOD”) program.

A BYOD program allows employees consistent access to work-related matters and thus enables them to complete tasks outside the office. This increases efficiency and productivity, along with  promoting collaboration in the workplace by having greater access to colleagues and clients. In addition, these benefits can be accessed at a more affordable price point than if the company purchased and maintained another device exclusively for work purposes.

However, the blurred lines between private and work-related phone usage can present numerous challenges to BYOD programs. The use of a mobile device for personal purposes tends to increase the risk of malware and Trojan viruses, meaning that confidential work content stored on the device is also subject to greater security risks. Additionally, the mix of personal and work-related usage makes it difficult to navigate overtime claims and the reimbursement of incurred costs (i.e., for client calls or long distance fees, etc.).

It can also be difficult for the company to manage its content on an employee’s personal device. BYOD programs raise questions about how much privacy an employee can expect, the scope of permissible personal usage, and their rights to the device’s content upon termination of employment.

Consequently, it is crucial that companies provide clear, strict and unambiguous policies for BYOD programs to reduce both risks and liabilities. These policies should explicitly address the following key elements:

  • an outline of what is permissible and impermissible use of the device;
  • the parameters around how, when and where an employee should access information remotely;
  • the methods that will be used for monitoring work data;
  • an acknowledgment that the device may be subject to control by the company such as periodic security checks and the need to wipe or store data from the device upon termination of employment;
  • procedures for if the device is lost or stolen; and,
  • the use of any applications that create specific “work-related” areas on the phone (known as “ring-fencing” or “sandboxing”).

It is highly recommended that employers implement a carefully developed BYOD policy in order to maximize the benefits of mobile devices in the workplace while minimizing the potential risks and challenges that may arise along with it.


This blog sets out a variety of materials relating to the law to be used for educational and non-commercial purposes only; the author(s) of this blog do not intend the blog to be a source of legal advice. Please retain and seek the advice of a lawyer and use your own good judgement before choosing to act on any information included in the blog. If you choose to rely on the materials, you do so entirely at your own risk.