Has your company recently implemented a
bring-your-own-device (BYOD) policy or going to implement one. In short, a BYOD
policy is one in which the employer allows the employees to use their own
personal devices for work rather than requiring separate work devices to be
used. Implementing such a policy can
be a complex issue as employers must balance employee privacy needs
with legal compliance issues all while ensuring that everyone is on the safer
side.
More companies are adopting BYOD
policies and more employees are starting to expect it – particularly younger
employees who want to use their own devices.
This is something that will continue to
be on the radar. Even if your company is not thinking of this now, it may come
up in the near future as the culture changes.
The questions about drawing the line
between work and personal use and to be aware of the biggest implementation
obstacles. Here are some of the employer questions and their best possible
answers-
Q. How do you draw the line between
personal and work use (especially as it relates to visiting sites that would be
inappropriate on a work device)? This is a personal device, but used for work.
Can you discipline for visiting inappropriate sites if the employee says it was
visited on personal time?
A. Employers need to set expectations
that the devices will be monitored, and employers also need to establish what
will and will not be tolerated in terms of internet use. Then the employees
will have the option to use other devices for things that would be
inappropriate for work devices.
Q. Is there a standardized BYOD policy
that can be used to govern employee use of personal devices for work?
A. This comes down to each employer's
needs. A general, one-size-fits-all policy is not recommended since it may not
address your company's needs. You need to be sure you talk with everyone
involved, including an HR, to ensure the company's needs are met.
Q. If a company decides not to adopt a
BYOD policy, are there legal implications?
A. If you chose to not allow the
employees to access the network from their personal devices at all, there are
no legal implications in that regard. There's not a "right" to access
the network at home, for example. If the company provides a phone instead of
having employees use their own, that is also perfectly fine. In fact, it's
perfectly fine to disallow access offsite.
However, where you get into trouble is
when you let employees access the network through personal devices without
having any policy or set expectations. Employers need to ensure employees know
what level of privacy can be expected (or not expected) when accessing the
network, what actions can be disciplined, etc. Even if you're not allowing
access outside the workplace, that should be outlined.
Q. What's the most difficult obstacle
in implementing a BYOD policy?
A. Getting everyone on board is
probably the most difficult. Getting agreement – especially since there will be
additional work for some people – is often a catch. For example, the IT team
must often monitor additional devices and varied devices. Making sure the
software is compliant for all types of devices can be another area where extra
work is involved.
Any adverse situation will now add a
whole new level of complexity with the need for e-discovery across personal
devices (and it's more difficult to monitor them). Typically, high-level
executives are behind the idea because they like to use their own devices, but
sometimes they may be reticent when it comes to concerns about data security or
privacy.
No comments:
Post a Comment