Workplace Policies on Mobile Devices

The number of workplace policies that employers need to develop is constantly multiplying.  Recently, the need for a Bring Your Own Device Policy is appearing in articles dealing with workplace issues.[1]

What is a “Bring Your Own Device” Policy?

Bring Your Own Device (BYOD) means the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, smartphones) to their workplace and use those devices to access privileged company information and applications.  While not required by statute like those required under the Occupational Health and Safety Act, the need for a BYOD policy is still important for both employees and employers to consider.

A November 2012 report by OVUM for Logicalis on the use of BYOD in the workplace suggest that more than half of employees are already using their own technology in some capacity at work.[2]  The numbers for employees in high-growth emerging economies are even higher with around 75% of employees reporting that they are happy to use their own devices for work.  Likewise most employees in the high-growth market prefer to use a single device for both work and personal use.  People do not like to carry around two phones.

Allowing your employees to BYOD

There are both pros and cons to this trend:

Pros

The benefits include potentially helping employees be more productive by being able to access work materials remotely and after hours.  As highlighted in another article in this newsletter, employers also have a duty to accommodate their employee’s family status obligations. The flexibility offered through BYOD (or other types of remote access) may assist employers in meeting those obligations.

The efficiencies presented by working on one single device which seamlessly integrates multiple functions may also be attractive for many people.

While it would seem that there should be cost savings to the employer once they no longer have to purchase the equipment, there is a question about whether in fact having to integrate and manage multiple types of devices would be more costly.

Cons

The most significant issue with the BYOD trend is that it would appear that much of this activity is going unmanaged.   In the absence of a policy there is a risk that employers may lose or compromise important information through their employee’s personal devices.  A comprehensive BYOD policy may involve both directives to employees as well as the adoption of certain technology which may allow the employer to control security settings, ensure that business information is stored on the company network and to delete data remotely if the device is lost and stolen.  One can expect that some employees may find such technology overly intrusive and there is likely to be debates about where the line between ensuring the employer’s information is protected and the employee’s right to privacy is drawn.

Without a policy and the appropriate technology in place, a terminated employee, or one who simply quits may walk out the door with considerable confidential information on their personal device without any means for the employer to be able to retrieve or wipe that data from the device.  Likewise, a lost or stolen device that had information which was not properly backed up onto the company’s network may prove to be an expensive problem.

What Are The Options?

There are two main options.  First, employers can maintain an outright ban on employees using their personal devices for work purposes and retain control by owning employee devices.   Such an approach while inconsistent with the trend, will allow employers to maintain control and militate against the risk presented by integrating employee’s personal devices.  Alternatively, employers can develop a BYOD policy, in partnership with their IT department or providers.  Such a policy will need to be clearly communicated to the employees particularly if the employer wishes to maintain the power to delete data in certain circumstances.