How to Battle Small-to-Big BYOD Issues Legally

By CIOReview | Monday, May 8, 2017

‘Bring your own device (BYOD)’ movement has changed the IT landscape of workplaces with its potential for cost savings and improved end-user satisfaction. While technology has provided for this paradigm shift, it has also attracted a host of legal issues to the forefront. The prevailing BYOD legal issues—such as storing corporate data, secure destruction of the data, applications, and servers—are extensively compromised via devices that are not under IT control. The integrity of these resources is paramount to the everyday operations of IT organizations.

Legally, many BYOD issues don't have any fix resolution. IT organizations are yet to develop a comprehensive BYOD management strategy that enables employees to be productive without meeting legal lines.

To establish a mutual understanding of rules between management, IT and users, policies and basic agreements have been the primary tools to enforce those rules. Organizations have today set some policies in place for business purposes, such as social media policy, preserving reputation, as well as a BYOD policy or agreement but, those aren’t enough to protect them. It is simple; the device belongs to your employee but, the data belongs to you, and policies fail to cover that. It's important to cover these unaddressed bases when it is about the legal implications of BYOD:

• Personal Use versus Overtime: It happens that employees work overtime or stay longer regarding work at office. Employer may need to pay them overtime under the laws governing wages and hours if hourly employees use their phones, depending on what specific tasks workers are performing. Or at last, companies may exempt workers from using personal devices for work to avoid overtime claims.

• Privacy Invasion: In order to organize and evaluate how their employees use tracking technologies and organizations get access to users' personal information stored on devices. Such invasion of workers' privacy may become a hurdle for the organization and affect flexibility. Privacy laws with respect to BYOD are still amorphous. There is yet no stringent law to protect the blurring lines between managing and supporting a user's device.

• Liability: Today, employees using a wireless device while driving for multiple purposes are normal. In such cases, the law demands a prohibition on the use of mobile phones while talking or texting. So, employers might invite legal action to themselves if employees are using mobile devices for business purposes, we call it ‘collision of businesses’.

Companies tend to lose some or much control with respect to their data with the use of personal devices by employees. The storage and transmission of such data, in the absence of appropriate systems in place, are dependent on the employees to secure their devices. In the case of the personal devices of employees, organizations are obligated to implement reasonable security policies that contain managerial, technical, physical security control, and other operational measures to commensurate with the information being protected.

A Comprehensive Written BYOD Policy: The policy shall clearly spell out the rules on the utilization of personal devices by employees. The detailing policy needs to the talk about the manner in which the personal device can be used at the workplace. To exemplify, obstructing the access to certain websites, asking employees to install software on personal devices for real-time tracking or undertake a remote lock or deletion of data that could risk company in future, having protocols to be abided by at the time of severance of the employment.

While many organizations try to impose any policies they want, chances employees won't agree to or abide by them is most probable. It can be improved if all parties involved—HR, IT, finance, legal, operating departments and individual staff members—agree altogether for policy application.

The legal ways are there in place in case of breaches, however, a carefully thought out BYOD policy will certainly reduce many legal risks that a company may face in this area. Common sense and access to good advice regarding BYOD legal issues should prevail.