To be successful and remain competitive, architects, engineers, and other construction professionals must be aware of with rapidly-changing trends in technology. Some businesses have shifted from company-provided laptops, smart phones, and tablets in favor of employee-provided devices, known as bring-your-own-device, or BYOD. While there are many benefits, there are some legal risks that you should consider.
Bring-your-own-device is embraced by younger workers, and is gaining favor among more experienced professionals. The Society for Human Resource Management recently reported that nearly 86% percent of employees own the smart phone they use for work. Allowing employees to use their preferred devices can aid in recruiting and boost productivity and job satisfaction. It can reduce a company’s equipment and technology costs. In addition, because workers are able or even expected to troubleshoot problems on their personal devices, BYOD can reduce the workload and budget of an IT department.
Security is the Concern
However, BYOD can present legal and practical challenges for a business. The primary concern for employers is data security. If a device is not adequately protected by strong password and a timeout function, confidential company information is vulnerable if the device is lost or stolen. Lost or compromised company data can result in a damaged reputation and costly lawsuits. An employee might not use the proper precautions to protect their devices from hackers or viruses. Additionally, an employee using a personal device might be more willing to engage in prohibited activities such as company defamation or harassment of a co-worker. Employees may connect to their devices via unsecured Wi-Fi hotspots, share them with friends or family members or lose them. All of these possibilities raise the risk for the unauthorized disclosure or destruction of business data.
Watch Out for Overtime!
Use of personal devices for work-related purposes may expose employers to overtime and wage payment claims under the Fair Labor Standards Act and state overtime and wage payment laws. Since nonexempt workers would have access to the technology at all times, they could send work emails and text messages and engage in work activities outside their scheduled work hours.
In some states, state law requires employers to reimburse employees for the costs of using their personal devices. For example, California Labor Code Section 2802 requires employers to cover their employees’ business expenses, which could include at least part of the costs of a wireless voice and data plan if the employee is permitted to use a personal device for work.
Business Records Must be Maintained
Employers must also ensure that business records stored on an employee’s personal device are saved long enough to satisfy discovery requests if the company is involved in litigation. Failing to retrieve information stored on a worker’s personal device that should have been produced may lead to adverse consequences for the employer in the underlying litigation.
Employee Concerns
Employees may be hesitant to participate in a BYOD program, fearing a violation of their privacy. They may worry that their personal data, emails, and photos could be accessed inappropriately by your company. The employee may be required to install the company’s mobile device management software, or MDM, which can create a barrier between company data and personal data, but MDM can also be used to monitor device activity. MDM can also remotely wipe company data from a device if the employee is terminated or if the device is lost or stolen. Employees may worry that their own personal data will inadvertently be wiped from the device at the same time. These concerns could lead to workplace mistrust and even a loss of productivity.
Adopt a BYOD Policy
Despite the risks, many companies have enjoyed great success utilizing BYOD by establishing a clear and precise BYOD policy. That policy should address:
- Who is eligible to use their personal devices? If non-exempt employees use a personal device, how will they account for their time?
- What brands/types of devices are acceptable?
- What is the level of password protection required on the device?
- Will MDM be required to be installed on personal devices before they are used for company business?
- Is the company going to pay for any portion of the monthly fees associated with such device?
- How will an employee’s personal data and privacy be protected?
- Is IT support available for personal devices?
- Will the company monitor activities on personal devices? If so, how, and for what purpose?
- Provide reasonable notice to employees about when company data will be “wiped” from personal devices. How will the company make the distinction between work and personal information?
Laws regarding monitoring of employee-owned devices are developing and can vary on state and federal levels. Any company that intents to monitor activities on personal devices through MDM or other methods should clearly state that in their BYOD policy and secure the employee’s consent. Some companies offer employees financial assistance with their monthly service fees in exchange for the employee’s permission to install MDM software on their devices. Once a BYOD policy is developed, it should be added to hiring/orientation paperwork, the employee handbook, and distributed to all current employees.
If you have any questions about BYOD or other workplace policies, please give Gibbes Burton a call at (864) 327-5000. We would be glad to help you.