In our 24/7 society it seems everyone carries a smartphone. We feel the need to be able to access email, surf the internet, text message and make and receive calls anytime, anywhere. And many employers want their employees to be reachable anytime, anywhere. As a result, many employers are going “BYOD” and adopting Bring Your Own Device Policies. But going BYOD creates certain legal risks. Employers need to know those risks and how to minimize their exposure to them.
The primary legal risks associated with going BYOD include:
- Loss of confidential information due to the loss or unauthorized access of the employee’s device.
- Wage and hour issues, such as a non-exempt employee using the device to work overtime or a minimum wage violation because the fees and expenses for the device reduce the employee below minimum wage for each hour worked.
- Discrimination and harassment.
- Employee negligence – the employee has an accident while using the device which results in a worker’s compensation claim, a claim by an injured third party, or both.
- An overbroad BYOD policy which inhibits “concerted activity” in violation of the National Labor Relations Act (“NLRA”)
To minimize these risks employers should adopt a BYOD policy. An effective BYOD policy should:
- State that mobile device management software will be installed on the employee’s device which allows the employer to remotely “wipe” the device if necessary.
- State that the employer is not responsible for personal data loss.
- State that the employee has no expectation of privacy in the information stored on the device.
- State that the employer can monitor and preserve all data on the device.
- Require employees to sign the policy consenting to the terms.
- Prohibit the use of the device outside of the employee’s normal work hours unless expressly authorized to do so.
- Prohibit the use of the device for work while on unpaid leave unless expressly authorized to do so.
- Ensure that the fees and expenses for the device do not reduce the employee below minimum wage.
- State that time worked using the device will be counted as compensable time.
- Prohibit the use of the device for discrimination or harassment.
- Prohibit the use of the device when driving or operating equipment.
- Prohibit the storing of information from prior employers.
- State the protocols that will be followed in the case of an employee’s resignation or termination.
- Specify any other prohibited uses.
- State that the employee must notify management immediately in the event their device is lost, damaged or stolen.
- Contain an NLRA disclaimer.
- State that the BYOD Policy may be revoked at any time.
Adopting an affective BYOD Policy which contains these elements will help those employers who choose to go BYOD minimize the risks from doing so.