Smartphones are everywhere, all the time. Most employees bring their personal smartphones to work with them and use them during the workday. Some employers choose to provide their employees with employer-owned smartphones and other electronic devices such as tablets.
However, employees may choose not to carry both their own phones and tablets and those provided by their employer around with them. Employees who work remotely may find it more convenient to utilize just one smart device and that is likely to be their own phone or computer.
In light of this situation, some employers may decide to adopt a Bring Your Own Device (BYOD) policy, as it is easier and more respectful of the preferences of their employees. A BYOD policy means that employees have to supply their own personal devices for company purposes.
There are a number of advantages to requiring employees to use their own smartphones for company purposes. One of these is that it reduces costs for the employer, because they do not have to pay to purchase or lease devices and data plans for each employee who needs one. In addition, employees may purchase better devices for themselves than the company might provide. Their personal devices might have improved technology, be a newer model, or otherwise be an improvement over what the company might be able to afford for everyone.
Employees may like using their own device because they can choose the one they think works best for them. The employee can choose the brand, model and operating system that they prefer. In addition, it might just be easier to manage one device than to have to manage two or more.
A BYOD policy has several risks, however. Before implementing a BYOD policy, an employer would, of course, want to weigh the risks against the benefits and develop a policy to reduce the risks.
What are the Risks Faced by Employers for Allowing Smartphones?
The biggest risk faced by employers allowing their employees to conduct business on their personal smartphones is the company’s loss of control over its data, which takes place when employees use their personal devices and networks to communicate and store company data.
Several kinds of sensitive information probably need to be protected. Examples of data that should be protected from unauthorized disclosure include the following:
- Facts and data pertaining to human resources,
- Confidential or privileged information relevant to legal concerns,
- Financial information,
- Proprietary data, trade secrets;
- Client or other marketing lists.
Loss of security for critical information is the biggest risk in letting employees use their personal devices for company business. An employee can lose their device and then any company data it contains is accessible to any person who finds the device. If devices have to be kept in the office, this risk is eliminated.
Employees are also liable to make errors that lead to unauthorized access and loss of security. For example, employees might use a public, unsecured Wi-Fi network, and fail to protect their devices with a suitable password, such as one that is routinely changed. Or, they may allow their phone to be discovered by Bluetooth technology. Any of these steps and more besides can increase the risk of unauthorized access to vital company data.
Another concern is that if an employee uses their personal device for work calls, anyone they contact will associate that number with the employee. So when the employee no longer works for the company, customers, clients, vendors, etc. will continue to contact that number.
What are the Risks Faced by Employees for Having Smartphones?
There are risks to employees also with a BYOD policy in the workplace. For example, if their employer decides to delete all data from the employee’s phone as a company security measure, their own phone data would be lost as well. An employee could lose all of their personal pictures, videos, contacts, and the like. Of course, this risk could be mitigated by regularly backing up all of the data on their cell phone, which might be a prudent security measure in any event as people are prone to lose their cell phones.
Compromising employee privacy is an additional risk. If an employer adopts a BYOD policy, employees could be obligated to allow the company to have access to their emails, text messages and phones if they are work-related. Arguably, the company would want to monitor these communications if they relate to the employee’s work-related activity.
There may be a way for separating personal and work-related email and the like on a phone, but everyone would have to agree to adopt a strategy and respect its implementation.
It may be more challenging to maintain work-life balance if a person’s supervisor can communicate with them via their personal devices at all hours of the day and night. It can become impossible to ignore work-related communications when one is off-duty. Of course, there is a strategy to avoid this issue if the employer would agree to limit work-related communications to work hours.
And then, again, what happens when a person leaves their employment and moves to a new work opportunity? Former clients and customers may continue to call and it would be on the employee to deal with each of them.
The Laws and Regulations Should You Consider When Creating a BYOD Policy
One major issue is who pays an employee for using their own phone for work purposes. There is no federal law that requires employers to provide their employees with any kind of reimbursement for the cost of owning and operating a phone used for business purposes.
In California, employees get a break. The state’s Labor Code contains a provision that requires employers to reimburse employees for their cell phone bill if the employees use them for work-related purposes, even if an employee’s cell phone plan includes unlimited minutes. And, if a person is self-employed, they can write off cell phone charges as a business expense per the IRS.
There are several legal issues that might arise from the use of personal smart devices for company business.
- HIPAA: The potential breach of Health Insurance Portability and Accountability Act (HIPAA) privacy regulations: Employee health information might be accessed by the company in violation of privacy protections;
- Breaches of Data Security: There could be breaches that affect the employer’s data or the employees;
- Confidentiality Problems: Again, the confidential or even proprietary information of either party could be compromised;
- Breach of Contract: One strategy for dealing with these issues is for the parties to enter into a contract that contains explicit promises as to how issues are to be resolved. If either party breaches the contract, there could be lawsuits.
Employers would also need to consider and address a number of potential human resource issues before implementing a BYOD policy. These include:
Should I Consult an Attorney for Issues with Smartphones in the Workplace?
An experienced and well-qualified employment attorney can assist you in formulating a BYOD for your workplace, if you are an employer interested in adopting one.
However, if you are an employee concerned about privacy or other issues in regard to your employer’s BYOD policy, you should consult an employment attorney. An experienced employment attorney will help you understand your workplace rights and what actions you may be able to take to protect them.