A majority of businesses now allow employees to bring their own electronic devices to use at work, notes Chapman. With the rapid evolution of technology, this policy has quickly become the go-to standard in most workplaces.
However, commingling personal and professional usage, data, and ownership of electronic devices creates challenging legal and security implications. Who owns work-related compensation data on employee-owned devices? The harsh truth is that courts and legislatures have yet to decide that complicated issue, Chapman says.
Chapman, an associate with DiMuroGinsberg in Alexandria, Virginia, is a contributor to Virginia Employment Law Letter.
Whether driven by the younger generation’s need to have the most recent and technologically advanced devices or employers’ attempt to save corporate money, BYOD is the new norm, Chapman says. As the line between business and personal ownership begins to blur, however, corporate security concerns grow.
A recent survey by YouGov and Research Now found that 67 percent of surveyed companies had no policies or procedures to manage employees’ use of personal devices for work purposes, says Chapman. If you are one of the 67 percent, you may be headed for trouble, she says. Here’s why.
What are your competitors offering workers these days? Check your state’s edition of BLR’s exclusive Employee Compensation in [Your State] program to find out. Try it at no cost or risk.
BYOD Generates Real-World Concerns
Consider the following scenarios, says Chapman:
- An employee leaves your company but still has sensitive company data like rate ranges or individual pay data on a personal, dual-use device
- A hacker preys on the unsecure smartphone carried by your employee and gains sensitive information
- Your employees store company trade secrets on their personal devices, which leads to the information “leaving” your control
- Your company is involved in a lawsuit and as part of e-discovery (the exchange of information relevant to the lawsuit before trial), normally purged information is found stored on an employee’s personal device.
Don’t trust national salary data when you can have data specifically for your state and region. Find state data on hundreds of jobs in BLR’s famed Employee Compensation in [Your State] program.
All of those scenarios can occur when you allow your employees to use their own electronic devices at work. Gale Gruman, the executive editor of InfoWorld, has observed that companies have adopted three types of BYOD policies to address these concerns:
- Shared Management. Company policy states that an employee accessing business resources from a personal device gives the company the right to manage, lock, and wipe that device. The policy is normally put into a written agreement.
- Corporate Ownership. The company owns and buys the device. If employees don’t like the company-issued device, they can buy their own personal device that has no corporate access.
- Legal Transfer. The company buys the device from the employee. Normally, the company will purchase the device for some nominal amount (e.g., $5) and give the employee the right to use it for personal purposes. The employee has the right to buy the device back for the same price when he or she leaves the company.
None of these policies is “right” or “wrong,” says Chapman. Which type of policy you choose to implement will depend on your business needs.
In tomorrow’s Advisor, Chapman on the legality of accessing personal devices and how to mitigate your security risks, plus an introduction to the unique state-based compensation program, Employee Compensation in [Your State].