POSTED BY Marion Goodsell
The Consumer Electronics Association hailed the bring-your-own-device (BYOD) trend as a key to innovation in 2013. BYOD has long been in practice and has been gaining acceptance from employers, who seek the benefits of lower connectivity costs and increased productivity. However, there are potential legal and operational concerns for both employers and employees as this practice becomes commonplace. Employers must balance the cost savings and increased productivity against concerns over data security and human resources issues. While, employees may be concerned about use-policies, privacy, and uncompensated work-time.
Both the U.S. Department of Commerce and the National Security Agency published extensive reports in 2013, to advise enterprises on data security and creating effective BYOD policies. While carefully crafted policies may provide a firm’s later action in response to a breach of policy, many employees are not aware of the specific contents of a their firm’s use policy, and often have not received any instruction or advising on the policy. Generally mobile devices are perceived as more secure that the typical office p.c., although many are not used with enough security procedures in place. Widespread unsecure behaviors include: connecting to unsecured wireless networks, having no security software installed, failing to encrypt files, or opening them on unsecure devices, and using unsupported internet based services to conduct work.
As companies, and perhaps law firms, seek to secure information, employees should be aware of policies permitting an employer to remotely wipe the device. Given the not insignificant rate of loss and theft of mobile devices, such a security measure would be good stewardship on the part of the company, but also highlights the extent to which the BYOD model permits an employer to access an employee owned device. The convenience to employees may be gained at the expense of their privacy. Depending the contents and implementation of the use policy, employees’ privacy may be safeguarded by state and federal laws, although recovery seems limited.
Finally, employers might be wise to consider who among their staff is included in BYOD and if their use extends beyond their workday. While communication may be batched and restricted to within the workday and the 40 hours per week for certain employees, without such a proactive approach, hourly employees may seek compensation for their off-hours response to email or other work beyond de minimis use. (Allen v. City of Chicago, 2013 U.S. Dist. Lexis 5394 (2013)).