Bring-your-own-Device (BYOD) setups seem to be very beneficial and rewarding to businesses. Many businesses are starting to adopt BYOD by allowing employees to use their own private devices for work purposes as well. In this article, we’ll be looking at BYOD legal aspects and what measures businesses need to have in place to ensure the business, employees and consumers are all protected.
What is BYOD, and how does it benefit companies?
Bring-your-own-Device or BYOD is a practice many businesses are adopting that allows their employees to use their personal devices (laptops, smartphones, tablets) for work purposes. While the concept is widely used especially in the U.S., some aspects can make this practice dangerous for businesses if they don’t have the proper data security and legal policies in place.
One of the reasons BYOD has become so popular is that it saves businesses money as they no longer have to purchase expensive devices for their employees. Many businesses have also seen an increase in productivity when their staff have devices that they can use for work and personal reasons.
Another benefit that many businesses have noted when staff are allowed to use their own devices is that it makes remote work or working from home a valid option. This can have another knock-on effect on a business’s finances as they can save on overhead costs from renting (or purchasing) large office spaces, boardrooms, etc. However, there are also BYOD problems and legal aspects to consider before jumping on the bandwagon.
What legal aspects should you consider when opting for BYOD?
BYOD problems can lead to major litigation for a company if the business isn’t aware of the potential risks and doesn’t have policies and practices in place to mitigate those risks. When employees are allowed to use personal devices for work, many BYOD legal aspects should be considered and laid out for all to see and understand. Some of the questions that spark these concerns include:
- Who’s responsible for paying for a device?
- What if the device breaks; who is responsible for covering the repair costs?
- If a device has to be upgraded, who will cover those costs?
Although these concerns are very financially motivated, other concerns also cover data protection, privacy, and more.
Costs and payments
In a BYOD setup, the employees use their own devices for work. This means that the employee buys their own device (either outright or through a leasing plan) and pays for their own cell phone plan. The company might reimburse the employee for using their own device through a stipend, but this is largely dictated by state law. With the growing popularity of BYOD setups, more states obligate business owners to cover employees’ business expenses. This should cover at least a portion of the cost of a wireless voice and data plan.
Repairs and maintenance
When it comes to repairing and maintaining personal devices used for work, the law is still rather vague. Since the employee owns the device, many businesses might argue that it is the employee’s responsibility to pay for any damages or maintenance needed on the device.
However, some businesses pay their employees a stipend to cover some of the expenses, although this is usually a general stipend paid every month and not necessarily a specific payment to repair a device. At this stage, businesses can still decide how they prefer to handle the financial implications of paying for a device and its maintenance and repairs. This should be clearly set out in the business’s BYOD policy.
BYOD and data protection
This is one of the biggest concerns that businesses and employees have. Personal devices aren’t as well protected as company networks and systems. So if an employee uses their device for work and has frequent access to data, networks and various systems, this can become a major vulnerability and give cybercriminals an easier access point.
Control over the device is also a gray area, and as such, the employee might be using apps that can track or monitor their actions, such as Facebook, WhatsApp, etc., while connected to the business network. These can all lead to data breaches which can be devastating for a company.
Privacy is another major concern. While the GDPR and similar regulations protect consumer and employee privacy in Europe, businesses also have a responsibility to protect sensitive company data. This can be extremely challenging in a BYOD environment as the device doesn’t belong to the employer. Monitoring or deleting any company data from an employee’s device can feel like an invasion of privacy. Who wants their supervisor looking around on their phone?
BYOD usage agreement
If your business decides to adopt a BYOD system, there has to be a very clear policy in place that dictates how these devices are used, what rights the employer and the employee have, what responsibilities each party has and more. This is a critical BYOD legal aspect that must be carefully considered and set up. As businesses’ needs are different, there are no one-size-fits-all templates that can be downloaded and used. Instead, business owners, HR, IT and legal departments need to come together to sort out this policy.
Regarding your policy on BYOD, the labor law should also be respected, and the policy should still meet the labor law standards to be considered legal. Here are a few key features to consider for your BYOD usage agreement policy:
- Use MDM software to create virtual partitions between work and personal spaces on a device.
- Determine which types of devices will be allowed and what company data these devices will have access to.
- Decide if all employees or only certain employees (such as those working remotely) will be permitted to use personal devices and clearly define why that is.
- Clearly state the employer’s right to access and delete company information from an employee’s phone, and clearly define this process keeping in mind the employee’s rights to privacy.
- Specify if any other forms of monitoring may be used, such as GPS location tracking, etc.
- Clearly explain how the company will protect the employee’s personal information.
- Provide notice before any company data is wiped from an employee’s device.
- Put data protection measures in place.
- Designate who’s responsible for authorizing work-related app downloads.
- Frequently re-evaluate and update policies as the BYOD environment evolves.
BYOD disadvantages and solutions
There are some advantages regarding costs and productivity by allowing employees to use their personal devices for work. However, the BYOD disadvantages and legal risks outweigh the benefits for many companies. There are just too many BYOD legal and organizational aspects that can be forgotten, misplaced, or ignored. When that happens, the business, employees, and even consumers could suffer.
Instead, your company could look to phone rental as an alternative. When using a Phone-as-a-Service (PaaS) provider like Everphone that offers a rental option, you can procure high-end devices for your employees at the best costs possible. These devices will come pre-installed with the necessary MDM and other measures to remain GDPR compliant, ensuring your employees’ privacy.
The IT department will also be able to monitor the device’s workspace remotely, installing updates, firmware, and other security features as needed, and will be able to remotely wipe the company data from the device if it’s lost or stolen. Also, when the device becomes outdated, they will dispose of the device securely and sustainably. Renting a device is a win-win; companies pay what’s within budget, and employees get a good device with ample security and privacy.
While allowing employees to use their devices for work has benefited many companies, the BYOD legal aspects are becoming too much to ignore. If you decide to continue with a BYOD arrangement, make sure that you’re aware of the legal implications and have the necessary policies to ensure that the business and employees are being protected. Alternatively, you might also consider renting phones where some of these legal issues aren’t present.