What happens when personal phones are no longer for personal use? Gone are the days where we were issued separate business phones. We have entered into a new era where personal devices are used for work and work devices are used for personal use.
Bring Your Own Device (BYOD) is widely adopted to refer to employees who bring their own computing devices to the workplace for use and connectivity on the secure corporate network. It refers to an increasing trend of employees using personal devices in the workplace or for work purposes. BYOD policies have become an increasing trend in the workforce with more than 50% of midmarket organizations supporting BYOD as a way to boost productivity and reduce costs with the highest percentage of support coming from the legal sector. BYOD policies have the benefit of saving costs and increasing productivity since users have more sharing capabilities. Such sharing capabilities give employees more ability and freedom to share information on mobile devices.
Of course such benefits come at a price, like increased risks to security or end-user privacy, as well as software licensing issues for businesses. Not surprisingly, a recent survey indicated that in-house counsels’ biggest worry is BYOD e-discovery and the managing of mobile and social networking data.
In a recent case, Cochran v. Schwan’s Home Serv., Inc., the California Court of Appeals held that “employees who were required to use personal cell phones for business purposes suffered an expenditure or loss which required reimbursement”. The Court stated that, under California’s Labor Code section 2802, if an employee incurs an “expense” if he or she is required to make work-related calls on a personal cell phone. The key word in the holding is the word “required.” The Court limited the scope of holding to situations in which employees are “required” to use personal devices for work uses. The Court did not address optional BYOD policies at workplaces.
As of now, California appears to be the only state holding employers liable for required employee BYOD expenses and federal BYOD policies are lacking. Britain recently issued new guidance that highlights data privacy and security concerns as well as the impact BYOD can have on existing commercial arrangements.
Yet despite all the complications and concerns surrounding BYOD implementation, experts agree that there are steps that businesses can take to mitigate potential risks. Such steps include providing clear guidelines for BYOD usage and increasing data security by remotely controlling who can access files. Planning for security incidents, using technical services such as Mobile Device management (MDM) and anticipating increased device support can all go a long way toward reducing risks associated BYOD policies. Companies such as IBM offer management and security capabilities to help control devices as they connect to your networks, apps, and data. Under the rule in Cochran, employers’ safest bet would be to eliminate any required BYOD policies and make such usages optional and limited in scope. To avoid vicarious liability for employees’ activity on personal/business devices, businesses can establish policies as to what constitutes “work on behalf of the company” and what counts as “personal usage.”
BYOD is not “bring your own disaster,” but if proper steps are not taken to minimize risk, BYOD has the potential to be disastrous. For now, with the right steps in place, BYOD simply stands for Bring Your Own Device.