When the pandemic hit about two and a half years ago, thousands of employees suddenly found themselves working from home. In many cases, this meant turning to personal devices to access their work email, handle documents and perform other tasks. Even before COVID, more and more businesses were allowing employees to use their own phones, tablets and laptops for work. By now, many companies have established firm bring-your-own-device (BYOD) policies. Other businesses, however, have taken a more informal approach, allowing their company device policy to evolve with minimal documentation. Whichever camp your company falls into, it’s a good idea to regularly review. Also, if necessary, formalize your BYOD policy.
A comprehensive BYOD company policy needs to anticipate a multitude of situations. What if:
Other key questions to address include:
Payment policies vary widely. For example, an employer might pay for an unlimited data plan for employees. Any charges above that amount are the employee’s responsibility.
This is a big deal for salespeople and service representatives, especially if they leave to work for a competitor. Customers may continue to call a rep’s cell phone, leading to lost sales for your business.
A company device policy should require employees to not only use passwords, but also implement two-factor authentication if feasible. In addition, users need to set up their devices to lock if left idle for more than a few minutes.
A BYOD policy needs to address the fact that using a personal device for work inevitably opens the door for an employer to access personal information, such as text messages and photos. State that the company will never intentionally view protected items on a device, such as privileged communications with attorneys, protected health information or complaints against the employer that are permitted under the National Labor Relations Act.
In case your business becomes involved in a lawsuit, its data retention policies should address how data is stored on mobile devices and gathered during litigation. Keep in mind that Rule 34 of the Federal Rules of Civil Procedure covers all devices, including personal ones that access a company’s network.
Formalizing your employee electronic device policy should involve spelling it out in a written user’s agreement that all participants must sign. Consult a qualified attorney in drafting such an agreement. Contact us for help assessing the tax and financial impact of allowing employees to use personal devices vs. buying technology assets and providing them to your workforce.