Breaking Down “BYOD” Policies

February 14, 2017

The explosion of smartphones, tablets and technology generally, has inevitably resulted in employees performing work tasks on their personal devices.  In the age of the ever present smartphone, and for many, the accompanying compulsion to stay constantly connected, employers and employees find themselves balancing the benefits and pitfalls of employees using their personal phones to conduct their employer’s business.  This has resulted in increased productivity and flexibility and oftentimes resulted in lowering a companies technology costs.  With these benefits, however, come certain risks that a prudent employer should consider and provide for.  The most popular means of addressing these issues is in the implementation of a Bring Your Own Device (“BYOD”) Policy.

While there are many concerns an employer must consider in crafting the most appropriate BYOD policy, some of the most common include: data security, employee privacy, theft or loss of device, non-exempt employee usage, and employer liability for employee misconduct.

Data Security

Data security is a huge concern for employers and as such this element is crucial to alleviate company concerns that an employee could potentially compromise company data through lax or nonexistent device security.  Similarly, employers justifiably have concerns regarding employees connecting to unsecured Wi-FI hotspots or sharing their devices with other individuals leading to compromised data. Accordingly, employers should consider requiring password protection, automatic locking after a certain period of inactivity, mandating regular backups, restricting access to especially sensitive company information or even using software to create a virtual partition in devices to keep personal data separate from work data.

Employee Privacy

A good BYOD policy will clearly set forth the employees expectation of privacy on their personal device that is being used for business purposes.  It is important that after signing the agreement the employee understands what their rights are as to the device and information thereon.

Theft/Loss

Because phones are lost or stolen with unfortunate frequency, it is important that there be a policy in place that requires employees to immediately report a lost or stolen device. This section of the agreement may also contain a provision regarding the company’s decision to install software that would allow the company to remotely wipe the device in the event it is lost or stolen. Ultimately, all parties should be aware of what will happen to the device in the event it is lost or stolen.

Non-exempt employees

Because the Fair Labor Standards Act requires that non exempt employees be paid for all hours worked, a comprehensive BYOD policy will include a prohibition against off-the-clock email access/work by non exempt employees unless specifically authorized  This ensures that all work performed on the company’s behalf is compensated.  Accordingly, deciding what classifications of employees will be able to use their personal devices for business is crucial. A company must proactively determine how it will handle such situations to avoid exposure under federal and state labor laws.

Employee misconduct

Finally, an employer wants to consider its potential liability if an employee uses his or her personal device to send harassing emails, even outside of work hours.  Because the device is the employee’s personal property, employees may feel more comfortable engaging in inappropriate conduct than they would on company owned property.  This could potentially lead to an employee using social media, texting, or phone calls to defame, harass or otherwise inappropriately treat the company, co-workers, or other related parties.  To address such concerns a policy should reaffirm that the company’s policies prohibiting such conduct apply with equal force to all devices covered under the BYOD policy.

There is no one size fits all BYOD policy.  What a Company needs by way of a BYOD policy will be controlled by the type of business,  type of information contained on employee’s device and the availability of IT support to the employer.  Additionally, due to the number of laws that intersect and impact BYOD policies, consulting an attorney to draft such a policy is crucial to the its success.

If you have any questions about BYOD policies, please contact us at 610-275-0700 or via email at main@highswartz.com.

The information above is general: we recommend that you consult an attorney regarding your specific circumstances.  The content of this information is not meant to be considered as legal advice or a substitute for legal representation.