Employers who don’t think they need a bring-your-own-device policy should consider this: Nearly 70 percent of millennials and 31 percent of baby boomers surveyed last year by TrackVia admitted to using their own devices and applications for work, regardless of whether their employer had a policy permitting it.
Clearly, there’s a significant gap between work-related use of personal devices and workplace policies. That disparity can mean trouble on many fronts. Employers lacking BYOD policies face legal and operational ramifications, increasing their exposure to overtime, privacy, security, and financial troubles.
The most effective BYOD policies are tailored to the business and its employees. We recommend convening information technology and human resources professionals in high-level discussions that produce BYOD policies in three steps: building the business justification, deciding who’s covered, and writing the rules.
Business justification: The pros and cons
With the ubiquity of smartphones, tablets, and laptops, it’s no wonder that lines have blurred between work and personal lives. Businesses considering BYOD policies – which should be nearly every employer that uses technology – must understand the impact on operations.
First, consider the pros and cons. The pros seem obvious:
Accessing work programs on the go can boost productivity.
Costs might decrease.
Employers and employees can easily stay in touch with each other and with clients and customers.
Employees appreciate the convenience of managing work and personal lives on one device.
Potential loss of employer control over devices.
Unintended overtime, especially when employees take it upon themselves to get in extra work.
Security concerns. Smartphones are frequently misplaced. Is data at risk of loss or theft? Can confidential or proprietary material take a walk?
Potential costs. Who pays for the device and for repairs, apps, and data and voice plans? Naturally, expenditures have tax consequences.
Deciding who’s covered
Who will be allowed to use personal devices to access work products and documents? Some employers limit use to salaried, exempt employees to avoid incurring unintended overtime.
Ask, also, what happens to the device and the data on it when an employee quits or is fired. Should salespeople be given access over their personal devices to confidential information, such as customer lists, phone numbers, and prospects?
This is also the place to consider privacy implications. To what extent will the employer monitor activity on the devices? Keep in mind that federal laws prohibit unauthorized access to certain electronically stored information.
Writing the policy
All the decisions made about business justifications and participants go into writing a policy. The result is a document that participating employees sign, acknowledging that they understand their rights and responsibilities.
Consider these additional factors to ensure an effective BYOD policy:
Be clear on monitoring, whether devices are monitored routinely or rarely. Remember that protected information found during monitoring cannot be used for illegitimate purposes. For instance, private medical information can’t be used against the employee.
Notify employees that communications via mobile devices are discoverable in business-related litigation. Plus, public-sector employers may be subject to Right to Know and Freedom of Information Act obligations. In Pennsylvania, any document or communication that meets the definition of “record” may be subject to disclosure, regardless of storage method or location.
Regular policy updates are crucial to keep pace with changing technology and legal landscape. Users must acknowledge that they will abide by updates the employer issues.
Developing a strong BYOD policy requires a collaborative approach by HR and IT departments, guided by senior management and legal counsel. Well-constructed policies give employers considerable protection from litigation, and they can prevent litigation from occurring.