People today can (and do) work from anywhere—connected through the Internet, WiFi, and cloud-based platforms with a variety of mobile devices. This makes preventing confidential and proprietary business information from “walking out the door,” whether intentionally or not, a nightmare for employers. Having a Bring Your Own Device (BYOD) policy may help.
Our greater connectivity and enterprise mobility has confronted employers with a wide range of issues: dealing with the loss or theft of mobile devices, data breaches, security maintenance, issues of discoverability in litigation, and separation issues—e.g., separating work use of a mobile device from personal use, and personal information from work-related information, and what to do on termination of employment.
All employers, large and small, should consider developing and implementing a BYOD policy to beef up security and protect sensitive business information.
Many outside vendors, for a fee, design internal safeguards and will draft comprehensive written BYOD policies. At a minimum, such policies should address the following issues:
- Specifying what devices, operating systems, and Apps are permitted;
- Banning use of “jail break” or rooting software not designed or intended for installation by the devices’ manufacturers;
- Making clear who owns what Apps and data, including social media accounts used for business and marketing, such as LinkedIn™ and Facebook™;
- Delineating how private personal information will be treated separately from work-related information (the personal and work overlap problem);
- Asserting the employer’s right to monitor the appropriate use of devices;
- Creating no expectation of privacy by the employee;
- Addressing network security and access requirements;
- Prohibiting or disabling the use of camera or video capabilities while at work;
- Setting out the acceptable use and treatment of company data, including rules for the storage or transmission of proprietary information belonging to either the employer, its customers, clients, or third parties;
- Delineating the roles and responsibilities of the employee and the employer’s IT department;
- Allowing or authorizing the employer to wipe the device of all data, either remotely when devices are lost or stolen, or when a data breach is detected;
- Revoking access when the employee terminates employment;
- Addressing personal liability, including payment for and allocation of costs for data plans and other service charges incurred for use of personal or company-issued mobile devices between the employer and employee; and
- Imposing restrictions on texting, e-mailing, and talking (without use of a hands-free device) while driving or engaging in other distractive activities.
Employer policies can be an effective way to keep nightmare employment situations at bay. Get more on BYOD and other useful employment policies to include in your employee handbook in CEB’s Advising California Employers and Employees, chap 11. And because the most important aspect of any trade secret protection plan involves people management, check out CEB’s Trade Secrets Practice in California, chap 4A.
Other CEBblog™ posts you may find useful:
- Who Pays for Employee Cell Phone Use?
- Privacy for Employees’ Personal Emails — It’s All in the Policy
- Play Fair: Guidelines for New Employees Hired from a Competitor
© The Regents of the University of California, 2015. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.