It seems virtually everyone has a smart phone, tablet, laptop, or other type of personal device. As these devices become more common, employees using these devices to connect to an employer’s computer network is also increasing. While there are benefits to allowing employees to use their personal devices to perform work-related activities, there are also risks. The best way to address these risks before they become problems is to have a comprehensive policy regarding employees using personal devices for work, often referred to as “Bring Your Own Device” policies.
The risks in allowing an employee to access private business information from his personal device are abundant. Among the many distasteful scenarios are a device being lost or stolen, viruses or malware, violation of a law leading to liability for the company, or business information falling into outsider hands.
There are many ways that a company’s private information might make its way in to a third party’s hands through a personal device. Many people do not have a password on their phones, let their friends or family use their phones, inadvertently transfer information through “unsecured” wireless networks, and fail to have anti-virus software. These things, along with the possibility of a phone being lost or stolen, will make your company’s information less private than you intend.
Along with the business considerations of protecting company secrets, there are also legal considerations. Personal devices are subject to state and federal rules of discovery of electronically-stored information. This means personal devices might need to be handed over to opponents in a lawsuit which may open up the company to a conflict as they are legally prevented from infringing on their employee’s privacy, yet may be legally required to produce the information on a personal device. Other legal liabilities may be opened up if your company stores certain protected data, such as social security numbers, driver’s licenses, and other personal identifying information. Furthermore, if an hourly employee is working from her personal device off the clock, this may be considered overtime and might implicate wage and hour laws.
A possibility even more concerning is an employer being held liable for an employee’s misdeeds on his personal device because that device is also used for work. For example, recently, Coca-Cola was ordered to pay $21 Million dollars after a Coca-Cola truck driver hit and killed a woman with a company truck while speaking on her cell phone. The National Safety Council released a report which notes that “the key phrase ‘acting within the scope of his or her employment’ can and has been defined broadly in cases of crashes involving cell phones.”
Although there are many benefits to allowing employees to use their personal devices for work, it is imperative that the risks are also addressed. The best way to address these risks and avoid liability for the company is to create a clear and comprehensive Personal Device Use Policy and to consult your employment counsel if you have any questions or issues.
If you have any questions regarding personal devices in the workplace, please contact any of the attorneys at Royal LLP at (413) 586-2288.