As more employees use their personal computing devices at work, companies have to ask some questions about their rights to manage a gadget that someone else owns.
While many of BYOD’s complex legal questions have yet to be answered by laws or court decisions, there are two rules experts say companies should keep in mind when they start allowing users to bring in personal smartphones and tablets:
- Don’t access more data than you need to, and
- Inform employees about what you’ll be able to do with their personal property.
To minimize the security and other risks of employees’ personal devices, companies are beginning to write BYOD policies that outline what people are allowed to do with devices that are also used for work. But to avoid lawsuits and employee gripes, those rules should also make clear what the company is and isn’t allowed to do with a personal device.
One of the key features that should be included in a BYOD policy, according to management consulting firm Janco Associates: Prohibit IT staff and management from accessing an employee’s personal social media accounts that employees may be logged into on those devices.
Janco cites the Stored Communications Act (SCA), which prohibits unauthorized people from accessing password-protected accounts and data. In one 2009 court case, two employees successfully sued their former employer after their boss forced them to hand over passwords for a MySpace page they had created.
A similar complaint could be made, Janco warns, if a manager uses the company’s access to an employees smartphone to get into one of those accounts.
Inform employees before they sign up
There are also activities that companies are within their rights to do but that might lead to complaints from employees. That may include remotely wiping a personal device if it’s lost or stolen.
To avoid problems if and when that must be done, experts say companies should include in their BYOD policy everything the company may do with a personal device, and have employees sign off on the policy before they’re allowed to participate in the BYOD program.