Mobile devices are pervasive – indeed, it is becoming exceedingly rare to find a workplace that does not incorporate the use of mobile devices in its day-to-day operations in some fashion.
While there are several ways companies can integrate mobile devices into the workplace, a popular trend is to allow employees to use their own personal device for work-related matters under a “Bring Your Own Device” (“BYOD”) program.
A BYOD program allows employees consistent access to work-related matters and thus enables them to complete tasks outside the office. This increases efficiency and productivity, along with promoting collaboration in the workplace by having greater access to colleagues and clients. In addition, these benefits can be accessed at a more affordable price point than if the company purchased and maintained another device exclusively for work purposes.
However, the blurred lines between private and work-related phone usage can present numerous challenges to BYOD programs. The use of a mobile device for personal purposes tends to increase the risk of malware and Trojan viruses, meaning that confidential work content stored on the device is also subject to greater security risks. Additionally, the mix of personal and work-related usage makes it difficult to navigate overtime claims and the reimbursement of incurred costs (i.e., for client calls or long distance fees, etc.).
It can also be difficult for the company to manage its content on an employee’s personal device. BYOD programs raise questions about how much privacy an employee can expect, the scope of permissible personal usage, and their rights to the device’s content upon termination of employment.
Consequently, it is crucial that companies provide clear, strict and unambiguous policies for BYOD programs to reduce both risks and liabilities. These policies should explicitly address the following key elements:
- an outline of what is permissible and impermissible use of the device;
- the parameters around how, when and where an employee should access information remotely;
- the methods that will be used for monitoring work data;
- an acknowledgment that the device may be subject to control by the company such as periodic security checks and the need to wipe or store data from the device upon termination of employment;
- procedures for if the device is lost or stolen; and,
- the use of any applications that create specific “work-related” areas on the phone (known as “ring-fencing” or “sandboxing”).
It is highly recommended that employers implement a carefully developed BYOD policy in order to maximize the benefits of mobile devices in the workplace while minimizing the potential risks and challenges that may arise along with it.