My Device, Your Rules: Effectively Navigating Legal Risks and Privacy Rules for BYOD Employees

byod_rules

You are invited!

To work, that is.

Please arrive at 9:00am ready to produce and BYOD. That’s “Bring Your Own Device” for those of you who can hardly hear yourselves think over the noise of the 6 year old tower you currently call your work computer.  Some call it BYOT – Bring Your Own Tech – but the practice and its risks are best reflective by its other pseudo-acronym, BYOB – Bring Your Own Behavior. No matter what you call it, BOYD means employees are granted permission to use their own computers and smart devices in completing their daily work. In a BYOD environment, personal computing devices access company data and info and move it all through the hardware and software of the employees choosing.

Increased productivity and morale are listed among the benefits of offering a BOYD option to staff and with many employees already working on personal devices at least in a limited capacity, firming up the partition between work and personal devices is getting tricky. Most of us know better than to mix our personal and professional lives, but a virtual mashing together of our work and personal information can end as badly as drinking too much at an office party. You may not get fired, but no one can un-see your underpants.

BYOD: The Good

From an employee standpoint, using your own device means selecting apps, programs and organizing tools that work for you personally. Sure there will always be company forms and databases that need attention, but much of the workflow is controlled by the individual and accessible when and how they want it. It also gives employees the luxury of quickly and seamlessly keeping up with their personal lives receiving and responding to messages from daycare, doctors, and other “life stuff” between work tasks.

BYOD: The Bad

With great power comes great responsibility. Personal computers and devices tend to have lower security compliance, and with company data coursing through a pack of rogue-ish devices, employees are on the hook for keeping it safe. From an employer’s perspective, ensuring proper security encryption and use of data on a number of outside devices controlled by as many individual users can mean a security nightmare in the event of a breach.

BYOD: The Ugly

Employees in a BYOD environment may also be trading privacy for familiarity of their own devices. According to Dale Jonathan, director of marketing at FiberLink, creators of management solutions for mobile devices in the workplace, “You get access to corporate resources such as mail, and an IT manager gets access to your device,” That’s right, it’s a two way street.  Your company can access your email, files and everything else on personal device including deleted files, photos and texts.

In a recent Harris Survey requested by FiberLink, 76% of employees polled said they would go without corporate email if it meant their boss could see the apps on their device while 75% said they wouldn’t want any connection that enabled their employer to locate them with GPS during working and non-working hours.

The BYOD Conundrum

This creates a legal, moral and logistical head scratcher. BYOD privileges also mean companies have the right to wipe an employees’ entire device if a security breach is suspected. Employers need to ask themselves how much they trust their employees with company info and employees must ask themselves if they’re comfortable having their text messages up for grabs. All the confidentiality agreements in the world can’t undo the damage of personal or business data leak.

The dilemma of company security vs. employee privacy is only just beginning. Although most employers have better things to do than cruise mundane texts reminding you to pick up milk on your way home, their right to accessing a BYOD device remains fuzzy. For more information about BYOD issues click here.