HR Policies & Procedures

BYOD: It’s Way Ahead of the Law, But You Need a Policy

There are 10 key challenges for HR under Dodd Frank and its various “Say on” requirements, says consultant Deborah Lifshey. Although about half are not currently in force, it’s still a significant hassle.

Many employees are bringing their smartphones and tablets with them to the office—and employers need to be prepared, says attorney Brian Jackson. BYOD (Bring Your Own Device) is here.

The technology has gotten ahead of us. “We’re faced with technologies that the legal system has not yet addressed,” says Jackson, an associate in Fisher & Phillips’ Chicago office. There’s very little case law out there to tell employers what the courts will expect of them if an employee cries foul and sues.

Most commonly, employees would be likely to charge invasion of privacy. Jackson says. “In the absence of case law, here are the best business practices we [employment attorneys] can recommend.”

The Old Days Are Gone

There was a time, not so long ago, when all the electronic and telecommunications equipment in the workplace belonged to the employer. So HR pros had clear policies:

“You should use the tools we provide primarily for business purposes, and you should have no expectation of privacy in your communications. We reserve the right to monitor the websites you visit, especially if we have any reason to suspect you’re accessing illegal sites or sharing our proprietary information.”

And, when an employee was laid off or fired, HR and MIS simply cooperated to cut off the person’s access to the computer and the company’s network and server. But all that’s now out the window.

HR budget cuts? Let us help. is your one-stop solution for all your HR compliance and training needs. Take a no-cost, no-obligation trial and get a complimentary copy of our special report Critical HR Recordkeeping—From Hiring to Termination. It’s yours—no matter what you decide.

Think instead, as many HR people have begun to do, about employees’ use of social networking sites. You’ll often see a mixture of business and personal use, and you need to tread carefully if you access someone’s Facebook page. (LinkedIn is normally more business-oriented.

Now you need to kick it up a notch to allow employees—and you certainly should do so—to use their tablets or smartphones at work. On those devices you have a true mixture: Any employee is likely to have a combination of business e-mails, staff presentations, memos-in-progress—and family pictures and a host of other personal material.

How to Handle BYOD

 Jackson recommends you implement two overarching principles:

First, tell employees that they must create separate folders for business and personal material, and clearly mark them as such.

Second, you and your MIS team will need what Jackson refers to as a “mobile management system” that covers company-owned and employee-owned electronic devices.

That means MIS can access employees’ personal devices no matter where the devices are. Then, once an employee has either left the company or reported the device lost or stolen, MIS can “wipe” all the business information from it, leaving the employee’s private data untouched.

Armed with those two basics, you’re protected. And, your employees will benefit, especially in productivity, from using their devices at work.

Find out what the buzz is all about. Take a no-cost look at, solve your top problem, and get a complimentary gift.

In addition, says Jackson, consider the following:

  • Review your existing electronic monitoring policy. Chances are it badly needs updating. Does it include employees’ use of social media? Personal cellphones at work? As fast as technology is changing, the policy will need to be updated as often as every year.
  • Make ownership of equipment obvious. Some companies allow workers to use their personal devices for work, but the employer pays for Internet access. Others give employees stipends to buy the devices they want. But who owns it is likely to determine how far employers can go to protect business data. If devices are only on loan to employees, policies can go farther than if workers own their devices.
  • Revise your monitoring policy to allow a greater degree of privacy for personal data on personal devices at work. But do emphasize your invention policy: The company owns inventions that employees create on the job, no matter where they’re digitally stored.
  • Stress that employees must use a high level of security on their devices, as well as strong passwords and routine backups of personal data.
  • Decide now what the penalty will be for employees who disengage the mobile management system that allows you to wipe business data off their devices if they lose them, they’re stolen, or the employee is terminated.
  • Says Jackson, “Transparency is the key. Write your policies and make them absolutely clear, so there’s no room for confusion.” Anything that’s vague or unclear, he warns, is likely to backfire.

One final piece of advice from BLR editors: Take special care when non-exempt employees use devices outside of normal work time—there could be wage and hours obligations.