As I settle in at a table in my favorite cafe near my home, large coffee in hand, I check my work emails from my personal smart phone as I pull out my personal laptop and dial into my company servers, providing access to all of our systems. I notice that at just about every table, there is at least one other person mimicking my actions. What is going on? Are we here at this little noshery, just the fortunate few who have jobs that lend themselves to remote work and employers who don’t care or notice that we are not in our little cubicles back at the mother ship? Or is it something larger?
More and more employers are allowing, encouraging or oblivious to the growing tsunami that is called “Bring Your Own Device,” or BYOD.
What is causing this radical reshaping of the work environment? Two different, but interrelated, phenomena: 1) the consumerization of information technology, and 2) the blurring of the line between work life and personal life experienced by many employees.
The result of this force majeure is the rapid adoption of mobile devices by employees — including iPhones, iPads, Android smartphones and other such electronic goodies. Because of the ease of use and functionality of these gadgets, which are enhanced by hundreds of thousands of free or low-cost applications, millions of employees have begun using them to perform work. Recognizing this, a growing number of companies have struggled to create new policies or programs (BYOD policies) that allow employees to use their personal mobile devices to create, store and transmit work-related data. These new policies turn an employee’s personal device into a “dual-use” device, one used for both personal and company data and activities.
This irreversible trend presents some very real and immediate challenges — both practical and legal — for employers. There are two broad categories of risk inherent here. The first set relates to the fact that company data is now being stored and transmitted on devices and networks the employer may not own or control. This can lead to issues related to government regulations requiring companies to carefully protect the privacy and security of sensitive personal, financial and health-related data. It also poses risks to the protection of a company’s trade secrets, and other proprietary or confidential information.
The second set of risks relate to employee behavior. For example, employees may feel their own personal devices should not be regulated by company policies regarding acceptable use, or they may be more likely to engage in “off-the-clock” work that could add to overtime expenses or increase the risk of wage and hour claims. Employees may be more inclined to view or download images and other material that could violate employer harassment and/or appropriate use policies.
So what should you as an employer do in the face of this ever-growing trend?
The BYOD movement requires employer consistency across multiple workplace policies and practices. Technology has advanced to the state that our personal and business lives overlap, yet our laws and regulations sorely lag behind. Whether an organization is prepared to adopt a comprehensive BYOD program or not, every organization will need to address the question of how to react to the inevitable and growing use of personal devices in performing work.
Unfortunately, setting up a BYOD program is neither simple nor static. This is a dynamic area, and each new feature and application invented for mobile devices creates potential challenges for the employer. This constant state of change will require continued diligence and a re-examination of the benefits, risks and responsive choices by employers through their management, corporate counsel, HR professionals and IT departments.
A BYOD program requires modifications (subtle or complete overhauls) to many existing policies, including: harassment, discrimination and equal employment opportunities; workplace safety; time recording and overtime; acceptable use of technology; compliance and ethics; data privacy and security; records management; litigation holds; and confidentiality and trade-secret protection.
Each of these policies should be
reviewed with an eye toward addressing the use of personal devices by employees both inside and outside of the traditional office. Each organization must develop its own program based upon its particular needs and concerns. The challenge will be well worth it as companies with the courage and foresight to implement policies like “bring your own device,” which encourage new ways of working, will have a huge advantage in recruiting and retaining talent, thereby giving them an edge over theircompetition in the ever-competitive marketplace.
Scott Summers is a partner in the Louisville office of Dinsmore (www.dinsmore.com).