By Allie Philpin
A friend told me the other day that his company, a 4,000-employee corporate organisation, has issued new guidelines on using personal mobile devices, and any employee wishing to use their own device was to liaise with the IT department, who would take their device and upload the applications relevant to their role. My friend is delighted; at last he can access the applications and files he needs to when working at home! But he couldn’t understand my hesitation in joining in with his elation… until I pointed out the security and legal issues.
The growth rate of BYOD (Bring Your Own Device) is phenomenal and the trend is certainly proving popular, which is great, but as an organisation employing people, you have a responsibility to ensure that your workforce is aware of the legal issues pertaining to BYOD, from both sides of the fence!
A recent study reported that 50% of all Britons currently use their personal smartphones and other mobile devices for work; that survey also claimed that only a handful of participants actually had the right legal framework and relevant security levels implemented to accommodate BYOD.
OK, so the BYOD trend didn’t start with the boardroom. Employees had access to better, smarter, trendier mobile devices than their companies were willing to provide, and these devices gave them better access to information, which meant they could do more ‘on the move’. Then the boardroom jumped on the bandwagon with their personal devices, principally iPads; you can just imagine the pressure being placed from both sides on IT departments to integrate their IT applications and systems with these digital devices, and how they started to tear their hair out over the security issues and functionality!
But there are also the legal risks, and whilst IT managers are starting to get through to the boardroom in highlighting the issues, both are forgetting to explain these issues to their employees. Of course, there are significant advantages to BYOD: flexibility, mobility, productivity, motivation, accessibility, cost efficiency… But when company information, some of which could be of a sensitive or confidential nature, is stored and processed on these devices, the employer (or IT department) no longer has direct control. So, how do you protect that data?
There are four legal areas that are applicable to BYOD:
• Data protection law – data protection, data security and confidentiality.
• Employment law – consent, duty of care and working hours’ regulations.
• Copyright law – potential licence infringements when using apps for work.
• General civil law – property rights, potential damage compensation and intellectual property.
The area that probably requires the most attention is employment law; any employer that issues control measures within their BYOD policy also needs to supply and conclude a works agreement. Just issuing a one-sided BYOD policy is no longer enough when it comes to employee rights. No employer can assume that they have the right to monitor and analyse GPS data to find out where their employees have been, nor can they check out the websites visited or emails sent. And then there are the regulations on working hours, or overtime…
So, before you go ahead and implement your BYOD policy, make sure you’ve addressed the legal issues. Needless to say, my friend will be raising these issues with his company before he meets with his IT department.