10 keys for a BYOD policy that won’t get you sued

team on phones

At first, BYOD was something a few brave companies were giving a shot. Then it became a nice way to get users off corporate devices. Now company phones are rare and BYOD is becoming the norm.

What’s the next hurdle for Bring Your Own Device? Keeping it from becoming a legal liability. 
The lines between the tech users have for their own personal use and what they use for business is increasingly blurred. And that makes the shared use of a device for business and personal matters a potential legal nightmare.

Delicate balance

When users are walking around with company information on a device that’s easy to lose or steal, IT can’t just shrug off the risk and tell users, “Use it how you’d like.”

On the other hand, users have all their personal contacts, information and other valuable content on phones (such as photographs, voicemail, etc.) on phones, too. Any attempts for IT to regulate the use of these devices will be unpopular.

These competing interests could wind up with BYOD disputes being fought in the courts.

10 areas to focus on

So how can you help curb legal action – or at the very least help protect your company in court?

You can check out our sample BYOD policy here. But below we’ll focus on legal aspects of these policies and what you need to establish with users up front.

  1. Ownership. The most basic step is one of the most important. You’ll need to establish who is the owner of the device. With BYOD, the owner will likely be the user who supplied the device.
  2. Remote-wipe provisions. Users need to understand that IT will be given a role in managing their personal device and how it will be used. They should agree to not only allowing IT to remote wipe information from the device, but also to alerting IT to lost or stolen devices promptly.
    Most importantly, users need to know what information could be lost in the event you need to wipe it remotely. In some cases, IT will only need to remove company data. In other cases, it may need to wipe the whole device. In either situation, there’s the possibility their personal data could be lost permanently.
    Establish that this is a real possibility – one that users will have to be prepared to accept if they want their devices to be used for work.
  3. Costs. This should cover who will be responsible for regular voice and data bills, who foots the costs for overages and roaming, work-related or otherwise, etc. Confusion over who pays for a device, its service or incidentals are the easiest ways to wind up in court.
  4. Eligibility. If BYOD is treated as a perk, you’ll need to clearly establish who is and is not eligible for it. Best bet: Approve or deny BYOD based on job descriptions, not individuals. That way, no one can claim being kept from participating was discriminatory.
  5. Location tracking. Mobile devices make it possible for IT to determine more about a user’s location than ever before. But beware: This information could work against you. The best bet is to avoid using any features that could report on a user’s location.

    Pages: 1 2