As with any new undertaking in a business, the first and most important step is to create a strategy for its development and implementation. And as with any new strategy, one of the first and most important considerations is how to handle the legal issues surrounding this new undertaking.
As business after business embraces BYOD (Bring Your Own Device) policies, one of the key issues that must be addressed in developing their strategy is that of employee privacy. When a business provides employees with a company-owned mobile device, then the policies for employee use are clear-cut: The device may be used for work-related purposes alone, and the company has the right to monitor employee activity on the device, even if he or she is checking personal email or posting to their personal Facebook page.
However, when it comes to a company monitoring an employee’s use of their own privately-owned mobile device, the waters become much murkier.
There are three main areas in which employee privacy concerns must be addressed when implementing a BYOD policy:
1. Location Monitoring: For many companies, the ability to monitor a mobile device’s location at all times is one of the biggest benefits of a BYOD program, whether it’s used to track deliveries, find quicker routes, or even to locate the mobile device in case it is lost. And most smart phone users today are accustomed to being tracked in this way, due to their own personal use of GPS or other apps that access their location.
But most of these consumer apps also come with the ability to disable the location-tracking capability, so that those who are not comfortable being tracked can remain off the radar. Questions about whether or not an employer can force an employee to enable location-tracking fall under the domain of contract law; in other words, as long as a business lets their employees know in writing that their locations will be tracked during business hours, and the employees agree to that by choosing to remain employed there, it’s perfectly legal.
2. Personal Use: Another tricky question is that of a company’s right to monitor an employee’s personal use of their own personal mobile device during non-business hours. Because that device is connected to the company network, some businesses feel it is important to keep an eye on its use at all times, to ensure that private company data is not being compromised. But what employee wants his company watching his every move online?
The key here, again, is informed consent. Your company’s BYOD policy should spell out exactly what will be monitored and when, and obtain consent to do so from each employee, as a condition of allowing them to bring their own device.
3. Private Data: Finally, how much access should a company have to its employees’ private data, stored on the same device as important company data? And what if in accessing that data, an enterprise finds something they feel should be reported to the police, or unearths a conflict of interest, such as an employee also performing work for a competitor?
Once again, obtaining informed consent is the only way to prevent legal problems. If your company needs to have access to that private data, you must let employees know in writing, and obtain their signatures agreeing to the set-up.
By taking the simple step of obtaining informed consent from all employees before implementing your BYOD program, your company can avoid any legal issues that might arise from tracking or monitoring the devices. In this way you can reap all the benefits of BYOD, without having to worry unduly about employee privacy concerns.