As with any new business endeavour, the most important first step is to develop a strategy surrounding how to best develop and implement the new undertaking. As is the case with every new business strategy, it is important to uncover and understand all of the potential legal and compliance issues.
As businesses begin to embrace bring your own device, or BYOD, policies, the key issue that keeps coming up in conversation is employee privacy. When a company presents its workforce with company-owned mobile devices, acceptable use policies are straightforward and to the letter: The device must only be used for business purposes, the company has the right to monitor any and all activity the occurs on the device – even personal data.
However, when it comes to employee-owned devices that are being used for work purposes, the line isn’t drawn as distinctly in the sand.
There are three primary areas where employee privacy needs to be addressed in any BYOD policy.
- Location Monitoring:
In the big picture of things, the ability to monitor the location of a mobile device is one of the biggest advantages to a BYOD program, whether it is used to track delivery status, find faster service routes, or even to locate misplaced devices. The majority of the smartphones in the market today are equipped with onboard GPS or other location tracking elements.However, most of the consumer locations tracking apps available also come with the ability to disable this functionality, offering peace of mind to those who are uncomfortable about the idea of having their every move monitored. Questions pertaining to whether or not an employer has the right to track an employee during working hours all fall under the scope of contract law. Simply put – so long as the company advises the employee, in writing, that they must keep their location-tracking enabled on their device as a condition of employment, no laws are being broken.
- Personal Use: Another relevant, yet complicated, the question is whether or not a company can legally monitor an employee’s personal use of their own personal device outside of business hours. Since the device remains connected to the company network, many businesses believe that it is important to monitor all use in order to safeguard important company data. Few employees want every element of their personal lives being watched.This is where informed consent comes into play. The BYOD policy at your company must clearly state exactly what is to be monitored and when, and then you must obtain consent from each affected employee.
- Private Data:
Lastly, how much access should a company be given to the private data stored on the personal device of an employee.? Should the company access the private data – on the privately owned device – and find something they believe should be reported to the authorities or information that results in a conflict of interest, what level of accountability or involvement should exist?
Informed consent is the only way for companies with BYOD policies to prevent possible legal issues. Whenever your company needs to have access to private data – on a privately owned device – you are obligated to inform your employees in writing and to obtain their consent via signature.