Smartphones are more accessible than ever. This had inevitably led to an increase in employees using their smartphones while in the workplace. While some employers actually provide their employees with smartphones, and other devices such as tablets that are owned by the company, employees may decide to not to carry both their own personal device(s) and those provided by the company. This is often because the employee is able to work remotely, and it is simply easier and more feasible to utilize just one smart device.
As such, some employers may decide to implement a Bring Your Own Device (BYOD) policy, to respect the preferences of their employees. A Bring Your Own Device policy requires employees to use their personal devices for company purposes. There are several advantages to allowing employees to utilize their own smartphones for company purposes.
One of these advantages is reduced costs for the company. Simply put, companies will not have any extra expenditures providing devices and data plans to each employee that requires one. Additionally, individual employees may have better devices than the company could provide. Their personal devices could contain better technology, be a newer model, etc.
A Bring Your Own Device policy has several risks, however. Before implementing such a policy, business owners need to weigh the risks against the benefits and develop a comprehensive policy that will reduce the risks.
Legal risks of employees using their personal smartphones in the workplace should be considered first and foremost. While employers are absolutely exposed to risks, there is also the potential for harmful effect on employee privacy, as is discussed further below.
What are the Risks Faced by Employers for Allowing Smartphones?
The biggest risk faced by employers allowing their employees to conduct business on their personal smartphones, is the loss of control over company data. This happens when employees use their personal devices and networks to store and communicate company data.
There are several kinds of sensitive information to consider protecting, such as facts and data pertaining to human resources, confidential or privileged information relevant to legal concerns, financial information, proprietary data, trade secrets, and client or marketing lists.
Loss of security is the biggest issue with allowing employees to use their personal devices for company business. In the event an employee loses their device containing company data, that data is now exposed to whoever accesses the device.
Employees are also liable to make errors that lead to loss of security, such as accessing an unsecured Wi-Fi network, failing to password protect their device, or allowing their phone to be discovered by Bluetooth technology. All of these things increase the risk of unauthorized access to important company data.
Another concern is that if an employee uses their personal device for work calls, anyone they contact will associate that number with the employee. So when the employee no longer works for the company, customers, clients, vendors, etc. will continue to contact that number, allowing the now former employee to direct business away from the company.
What are the Risks Faced by Employees for Having Smartphones?
Employers are not the only ones who face risks when there is a Bring Your Own Device policy in the workplace. Employees are at risk of losing all of their phone data if the device is ever stolen or misplaced, because the company might delete all data from the employee’s phone as a security measure. Thus, all of the employee’s personal pictures, videos, contacts, etc. would be destroyed.
Another big risk concerns employee privacy. When a BYOD policy is in place, employees could be obligated to allow the company to read their emails, depending on policies regarding acceptable email and computer use. However, this is limited to company equipment and servers, so it becomes a murky issue when company emails are being sent from a personal device.
This also applies to phone calls made and text messages sent. When these actions occur on a company device, it is the company’s right to read and monitor them, but it is less clear how entitled the company is when the device is for personal use.
The Laws and Regulations Should You Consider When Creating a Bring Your Own Device Policy
There are several laws and regulations concerning the use of personal smart devices for company business. These laws and regulations involve the following and should be considered when creating a Bring Your Own Device policy:
- Breach of state and federal security;
- The breach of Notification Rule under HIPAA (Health Insurance Portability and Accountability Act);
- Data security;
- Legal procedure;
- Contracts; or
- Employment law matters.
In addition to these laws and regulations, companies will need to consider and address a number of legal and human resource concerns before implementing a BYOD policy. These include:
- Wage and hour issues;
- Equal Employment Opportunity laws;
- Americans with Disabilities Act (ADA);
- Occupational Safety and Health Administration (OSHA);
- National Labor Relations Act (NLRA); or
- Liability for access by the company to the employees’ personal information on the employees’ personal device, and loss of that information.
Should I Consult an Attorney for Issues with Smartphones in the Workplace?
Although not necessary, an experienced and well qualified employment attorney will be able to assist you in the creation of a Bring Your Own Device policy for the workplace, if you are an employer interested in creating such a policy.
However, if you are an employee concerned about privacy issues in regard to your employer’s BYOD policy, you should absolutely consult an employment attorney. An experienced employment attorney will help you understand your workplace rights and what actions you may be able to take.