Legal Issues When Employees Use Devices to Conduct Company Business

We live in a mobile age, and if you have employees, there is no doubt that they may or could do some company business, on their personal devices, or on devices that are owned by and issued by your business.
But anytime there are devices involved in or are doing company business, no matter who owns those devices, you need to have company procedures and policies in place to manage the devices or the information on them. This is especially true if employees are using their own personal devices, because many employees mistakenly believe that any data or information on their personal devices must automatically belong to them.
And while that isn’t necessarily true, it will help you greatly should there be a legal challenge, to have policies and procedures that detail who owns what information.
Privacy of Personal Customer Information
One thing to consider is the privacy of information related to your customers or clients.
Many of our personal devices don’t have the firewalls or encryption or privacy standards or protocols that our corporate devices and computers have. That means that your company could be at risk for a data breach or data breach, if private and confidential data is compromised on an employee’s personal device.
The best policy would be to require that all employee’s personal devices have the required security standards or software to encrypt and protect customer data. But anytime you tell employees that they have to have company software or standards on their personal devices, you’re going to get pushback.
Who Owns the Data?
Many understandably believe that whatever is on their personal devices, belongs to them. But when personal devices are used for company business, that line is blurred.
You should always have a policy that addresses ownership of company data and documents, specifically, that all information owned by the company must be returned to it when requested, and must be able to be accessed by company managers or supervisors whenever needed or requested.
Preservation of Information and Evidence
We tend to delete things off of our personal devices without thinking about it. But that can lead to employees deleting important company information—or information that could be evidence in any potential litigation your company is involved in.
Again, it’s hard to tell employees what they can and cannot delete from their own devices. But when it comes to company policy, that should be addressed—as should lessons and training in what kind of data needs to be preserved, when, and how.
The Solution Isn’t Cheap
The easy solution to these problems is also the more expensive one: have the company provide employees with devices to use remotely, and insist that company business be done on only those devices. But that creates a significant cost—not just for the devices, but for the IT manpower needed to set them up, repair and maintain them, or deal with technical support issues related to them.
Are your policies and procedures up to date and do they address what you need them to address? Call our Fort Lauderdale business lawyers at Sweeney Law P.A. at 954-440-3993.
Source:
ibm.com/topics/byod#:~:text=BYOD%2C%20or%20bring%20your%20own,and%20perform%20their%20job%20duties.