What do businesses need to consider before allowing employees to use their own devices for work? Photo via Jakub Zak/Shutterstock
BYOD is a business trend that’s here to stay. In the first of a two-part series, Mason Hayes & Curran looks at what organisations need to consider when adopting this as a policy.
Bring your own device (BYOD) – where companies allow employees to use their own mobile phones, tablets, and/or laptops for work – is a practice that is quietly growing year by year.
In fact, in a study conducted by Tech Pro Research late last year, 74pc of respondents said that their organisation either already allows BYOD or is planning to do so within 12 months. Further, numerous studies have shown that employees of organisations that do not allow BYOD are increasingly using unauthorised personal devices at work.
And yet, this widespread practice often receives little more than a passing consideration at many companies. Given some of the exposures outlined below, every organisation should consider the legal implications of this trend and decide what measures are needed to mitigate the risks.
Why BYOD?
Employees often like access to the latest technology, but having to provide it for all employees (and gauging what everyone will want next year) can quickly become a very expensive rat race. But supplying certain employees with the latest technologies while leaving others without might segregate colleagues into the ‘haves’ and ‘have-nots’.
With limited IT resources – both from an equipment standpoint and in terms of available in-house IT support – companies are quickly realising that BYOD might be the answer.
Allowing BYOD enables employees to have the tools that they need without requiring the company to spend excessively or make value judgements as to whether certain departments or employees are worth the expense. Additionally, allowing employees to use tools with which they are more familiar might mean less time diverted from work and fewer after-hours calls to IT. Likewise, the increased flexibility as to how and where tasks can be completed translates into an increase in employee efficiency and productivity.
‘Even if your company does not allow BYOD, the chances are your employees may be using personal devices for work anyway’
It should be noted that BYOD may not be right for some organisations, such as certain government entities or companies that manage extremely sensitive financial information and are required to have strict information-control processes in place. In these cases, it would be beneficial to have a document in place that explains the organisation’s policy with regard to BYOD, the rationale for this policy, and any consequences for breaching it.
Setting clear guidelines and helping employees understand these external restrictions and obligations on the organisation makes it more likely that employees will comply with the procedure and helps clarify any remedial measures to be taken.
Even if your company does not allow BYOD, the chances are your employees may be using personal devices for work anyway. As a result, a change to BYOD policy is worth considering and, in any case, it is prudent to address the issues discussed in this article.
What are the risks of BYOD?
The two biggest risks with BYOD are:
1. Employees inadvertently jeopardising the security of the company’s networks
2. The company inadvertently breaching its employees’ rights to privacy
Both risks are intertwined, as the company will likely need to monitor the employee’s device to ensure that the company’s network is not being compromised. Additionally, both risks can lead to damage to the company’s reputation, costly investigations by regulatory bodies and protracted litigation.
Luckily, both these risks can be mitigated by thoroughly considering the legal implications, and drafting a clear and comprehensive BYOD policy that addresses them.
The BYOD policy fit for your company
It is important to remember that there’s no ‘one-size-fits-all’ BYOD policy. Each company needs to approach BYOD as it does any other significant change to its processes – by analysing the organisation’s needs and formulating a strategy that complements it. The employees’ requirements and the company’s capabilities should be evaluated in tandem.
With that said, every BYOD policy should address the considerations that are applicable at different stages of the employment life cycle.
Check back next week for part two of this series, where we will discuss the privacy and personal device considerations that can occur in the three stages of the employment life cycle and how they can be addressed in the BYOD policy.
Tech Law is a weekly series brought to you by Irish law firm Mason Hayes & Curran, whose legal tech team advises the world’s top social media organisations and emerging start-ups. Check out www.mhc.ie for more.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.
BYOD image by Jakub Zak via Shutterstock
