Love it or loathe it, it looks like the ‘bring your own device to work’ ("BYOD") revolution is here to stay.
Employers are increasingly allowing (and indeed encouraging) employees to work using personal devices, rather than insisting that allocated phones, laptops or tablets only be used for company business.
There are no doubt advantages to working in this way – increased productivity, perhaps, because the employee is comfortable with his own device and can work from it wherever he goes. There may be costs savings for the company too, perhaps, as replacement and upgrade costs are minimised.
There are a number of legal implications employers need to be aware of, however, before embracing such a practice. The solution to many of these issues is to make sure you have a watertight BYOD policy in place well in advance.
Here are five points which should be considered when drafting and implementing such a policy:
Who owns what?
As an employer, you may legitimately wish to impose certain post-termination restrictions on your employees, limiting their ability to contact or solicit business from your clients once employment has ended.
To ensure these are workable in practice, even though employees will not be returning their devices to you, make sure the policy covers ownership of property such as contact details, for example, or the mobile phone number used by the employee.
Ensure that client contact details in particular remain company property, even if stored on a personal device. Ensuring that such details are only stored on an accessible company database (rather than within the device memory itself) will aid the distinction between company and employee property.
What is allowed?
As with any IT policy, there need to be clear guidelines on what is permitted when using these devices. Ensure it is clear what systems access is permitted, what devices can be used, and what social media use is allowed whilst connected to a company’s network. Ensure these rules tie-in with the disciplinary policy so you can take action in the event of breach.
Providing IT support even for personal devices, or covering the cost of security software, may save your company money in the long run. Whatever you decide, make sure the policy is clear on who pays for what.
This is vital. Make sure that the policy details precisely what password protection and encryption must be enabled, and what security software must be installed. Consider including a right to remotely delete all information and systems access in case of loss or theft, and make clear that the company takes no responsibility for personal data being lost.
IT and HR collaboration
Human Resources departments may well be used to drafting policies setting out the expectations and limits of employee behaviour, but the policy will need vital input from IT to ensure that it is workable, all-encompassing and effective.
Exciting and revolutionary indeed, but ensure all legal implications are properly covered before joining it!
- Graham Greene is a Partner in the Labour and Employment department of Reed Smith LLP.