Technology continues to blur the lines between our personal and work lives. How often have you answered a client email on your work laptop, only to receive a follow-up question via text message on your personal phone?
Many workplaces have adapted to the fluid use of technology and encourage their employees to use their own technology at work through bring your own device (BYOD) policies.
BYOD can provide many benefits to workplaces and employees. It has been shown to improve efficiencies and worker engagement while powering a more innovative, productive and collaborative workforce.
As the use of mobile devices increases relative to personal computers, and as organizations continue to embrace the benefits of remote working arrangements, we believe that BYOD will continue to trend upwards.
But what are some of the legal risks and best practices surrounding BYOD which organizations should be aware of?
Employers should define the acceptable uses of personal devices for work purposes. An employee’s use of email, instant-messaging and the internet can be a vehicle for inappropriate, discriminatory or harassing behaviour, especially for employees who feel less inhibited using their personal device.
For example, an employee who exchanges inappropriate images with another employee on their respective personal devices could be engaging in workplace harassment. As such, employers should be clear about the acceptable uses of workplace technology, regardless of who owns the equipment.
Vicarious Liability and Security
Vicarious liability refers to a concept whereby employers can be held responsible for the negligent actions of an employee, which includes an employee’s use of technology.
What happens when an employee’s personal computer is stolen, yet is flush with highly sensitive client information and which has minimal security preventing access to the computer, company networks and applications? What about an employee who uses their personal computer to visit questionable websites on their personal time and is then subject to a malware attack which places confidential company information at risk?
Employers should educate employees on the importance of security best practices, such as not storing any work product locally. Organizational best practices can also include using a password manager like LastPass and using a Virtual Private Network (VPN) to add security and privacy to private and public networks.
BYOD policies should also contemplate the security of confidential information on personal devices for departing employees. The exit requirements should include a process for deleting data and proprietary information, as well as revoking access to organizational networks and applications.
We have previously written about some of the issues surrounding constant connectivity, which can include claims for unpaid overtime to employees who are checking and responding to emails after work hours. This is especially true for remote workers and workers who use their personal devices at work. Employers should, therefore, have clear policies about the use of personal devices for work-related activities after hours.
While there may be some logistical hurdles in implementing an effective BYOD policy, we do not think it is something employers should shy away from. Studies suggest that up to 67% of employees use a personal device at work, whether an organization has a BYOD policy or not. You might as well embrace the fact that your top performers will check their work email on their brand new iPhone and access your cloud platform from their tablet in a trendy coffee shop on a Sunday afternoon.
Organizations should therefore proactively devise and manage effective BYOD policies so that both employers and employees can reap the benefits of leveraging technology in the workplace.
If you need help developing a BYOD policy, we would be glad to assist.