Employee Owned Tablets and Technology Devices: Managing the Risks and Rewards Starts with BYOD Policy
With Christmas quickly approaching, employers should expect that their employees will be enjoying new technology devices entering the new year. And this means employers should expect new employment law compliance issues and technology risks for their companies.
Bring Your Own Devices and Employment Law Compliance Issues
Employee owned devices create a minefield for employers when it comes to employment law compliance issues. This is especially true when it comes to wage and hour claims. These claims generally arise out of allegations that an employer failed to pay overtime wages. Wage and hour claims may be brought under the federal Fair Labor Standards Act (FLSA) or state wage-hour statutes. In either circumstance, wage and hour lawsuits expose employers to significant damages (hundreds of thousands of dollars and up) and legal fees.
Companies that provide employees the ability to remotely access the workplace through the Internet or using company issued smart phones, tablets, computers, etc. or employee owned devices essentially allow for 24/7 access to the workplace. But this also means these employees are performing work they should be compensated for, including overtime. For a very good explanation of these wage and hour claims, see Caryl Flannery's blog post, "Technology’s Got Me Working Overtime."
Bring Your Own Devices and Technology Risks to the Company
As to the technology risks, last year we published a blog post about managing such risks. See Tis the Season to Tech the Workplace Halls - Managing Employee Owned Technology Devices. This article highlighted four of the major risks that employee-owned devices create for employers.
One way to mitigate these risks is through the use of an appropriately drafted technology policy. Such policies, sometimes referred to as a "bring your own device" or a BYOD policy, can either be a stand-alone policy or incorporated into an employee manual.
A BYOD policy should be considered a "must have" for any employer whose workforce is allowed and/or expected to use their own smart phones, tablets or other mobile devices for work either while at the office or during nonworking hours. As to what should be in your company's technology policy, the details should be discussed with management, your IT department, and legal counsel. The intent of bringing together these stakeholders is to make sure you end up with a workable policy that meets and balances the business needs with IT security and legal compliance issues.
Recommendations for What to Include in Your Company's BYOD Policy
A discussion of specific language that you should include in your company's technology policy is beyond the scope of this blog (the working draft our law firm uses for its business clients spans several pages). However, several points for discussion include:
- A process for registering or accounting for all employee devices. This should also include a means to confirm each such device is up-to-date as to anti-virus software and other security-related protections, e.g., tracking or remote disabling in the event a device is lost or stolen.
- Implementing a procedure for reporting any device that is used for business purposes and that has been lost, stolen, or accessed by unauthorized persons or otherwise compromised.
- Provisions making it clear that your company's policies covering the handling and protection of its confidential information and intellectual property, including trade secrets extend to the use of all devices, whether provided by the company or owned by the employee.
- Making it clear that all content created on, transmitted to, received or printed from, or stored or recorded on any device that relates in any way to your company's business remains the the property of the company, regardless of who owns the device used.
Employees should also be advised and consent to some degree of employer access to a device in order for the employer to monitor and enforce the technology policy. Unfortunately this should include investigating any instances of employee misconduct that may involve the device.
For more information about technology related employment policies, including BYOD policies, contact Jason Shinn, an employment attorney who has addressed technology legal issues in the workplace since 2001. This technology experience includes investigating employee computer misconduct, managing e-discovery and litigation hold issues, and emerging social media legal issues. With this insight, Mr. Shinn works with companies to address the important steps that an organization should undertake when implementing a successful BYOD program – one that contains appropriate policies, procedures, and security measures to protect your company's business information and network.