Iowa Banking Law Blog

BYOD (“Bring Your Own Device”) – What Is It and Why Employers Should Care
Apr. 9, 2013The Dickinson Law Newsroom, Iowa Banking Law Blog, Iowa Employer Law Blog
BYOD

Co-authored with Sara Laughlin

We all have one – at least almost everybody.  What do we all have?  A mobile device we carry everywhere to stay connected.  This also means employees, as well as contractors and temporary workers, are carrying their mobile devices to your workplace.

BYOD is more than a trend now; it is a way of life for employees and employers.  Why should employers care that employees and other workers bring their mobile devices to work?  Because BYOD presents significant implications for employers.  Odds are good that employees are using their personal devices to access company data, with or without, the company’s permission.  Data security in the BYOD context is especially concerning for financial institutions and health care employers, but also implicates any employer storing social security numbers, financial and health information, confidential and/or proprietary information, and trade secrets.

If you don’t have a BYOD Policy, it is strongly encouraged to put one in place.  There are several considerations in developing and writing a policy:

  • Identify any limitations to the devices allowed at the workplace (e.g. type of device, on-site support for the devices, restricted areas)
  • Require password protection for devices
  • Institute limitations on attempts to enter a password
  • Program devices to time-out after a certain amount of time (e.g. five minutes)
  • Identify who owns the data on the device (it should be clear that any company data on the device belongs to company and must be returned or erased upon the employee’s departure)
  • Install GPS-type software on the device in case it is lost or stolen
  • Install remote employer access to put the phone in ‘lockdown’ mode while erasing any or all data in the device’s memory
  • Obtain an employee’s prior written consent to remotely erase data stored in the device
  • Company’s ability to backup and restore an employee’s personal data on the device while erasing any company data
  • Insure the BYOD Policy is integrated with the company’s policies which address “acceptable use” and “confidentiality” of company information

Additionally, there may be business-specific considerations that need to be addressed in a BYOD Policy:

  • Laws and regulations on storage of social security numbers, drivers’ license numbers, credit and debit card numbers, financial account numbers
  • Laws requiring customer notification of security breaches
  • Legally mandated encryption requirements (e.g. HIPPA Security Rule requires covered entities to consider whether encryption of stored data is feasible and, if not, document the basis for that conclusion)
  • Laws, regulations, or agreements requiring secure destruction of certain types of information (e.g. Fair Credit Reporting Act (FCRA) requires the secure destruction of consumer report information)
  • Court protective orders, confidentiality and/or nondisclosure agreements may be implicated
  • Litigation holds and investigations may be implicated (does the company know where all its data is stored?)
  • Wage and hour claims for employees’ working on mobile devices outside of work hours

Even with all the above, consideration must also be given to an employee’s mobile device when an employee leaves the company.  These include adding to the HR checklist and employee’s exit interview a reminder to wipe the employee’s device.  A plan should be in place to remotely wipe a device in the event of a quick departure by an employee.  Additionally, an employee’s access to company email, contact lists, and other company data should be disabled upon the employee’s departure or even sooner.

It is safe to say that mobile devices are here to stay and that employees will bring their devices to work whether or not authorized for use.  To protect the company, a written BYOD Policy is essential so that employees have clear expectations on the use of their mobile devices in the workplace.

share this page:
  • Facebook
  • LinkedIn
  • Twitter
  • Google Bookmarks
  • StumbleUpon
  • Digg
  • del.icio.us
Practice Area Categories: Banking Law, Employment & Labor Law

Latest Articles

Dickinson Law named Tier 1 National “Best Law Firm” by U.S. News

U.S. News & World Report has released its 2015 “Best Law Firms” rankings, and Dickinson […]

Fifteen Dickinson attorneys named to Best Lawyers in America list

Fifteen attorneys from Dickinson, Mackaman, Tyler & Hagen, P.C. were selected by their legal industry peers […]

Dickinson welcomes attorney Alison Kurth

Dickinson, Mackaman, Tyler & Hagen, P.C. is proud to announce that attorney Alison N. Kurth […]