Our personal devices, such as smartphones and tablets, became an accessory we tend not to leave the house without just like our house keys or wallet. This trend means that more and more employees take their own device to work. In fact there are companies that even encourage employees to bring their own device to work. Software firm LANdesk conducted research with 1,000 office workers across the UK, looking at how BYOD is changing the workplace. The survey showed 83 per cent of organisations permitting BYOD – 39 per cent of employees had purchased their own device for work purposes. The research also suggested that a medium-sized organisation of 50 people could be saving up to £150,000 over five years if they have a BYOD approach (The Sunday Telegraph, April 6, 2014). So what this means in practice is that from their first day at work employees can get down to work without the need to learn the company’s IT system and better still, companies are saving thousands and thousands of pounds. However is it that simple? Or is it “costing” employers in another sense?
A major concern for employers is security and leakage of data. Furthermore, many employees tend to have more than one device so there needs to be control not over just one device but perhaps two or three devices per employee. Employers must remember that their employees’ use of personal mobile devices for commercial purposes gives rise to bigger risk in terms of the security and IT resources of the company as well as communications systems. Employers need to protect confidential and proprietary information, they also need to protect the organisation’s reputation and comply with legal obligations. Questions such as to what degree are employees responsible for carelessness on personal devices which impacts on the employer? Does the employer have any control over what data is loaded onto a personal device? There is the other increasingly growing problem of how do you manage bad publicity and lost data releases?
If you are following this trend or intend to allow BYOD in your company it is essential to have a policy allowing your employees to use their own devices at work while at the office as well as outside their working hours. Your policy would need to cover a number of issues, in particular the following: acceptable use, your right of access, what happens when an employee’s employment comes to an end, information security as well as issues relating to technical integration. At least with a work place device you can cut off access if needed but this power is not available with a BYOD device necessarily. If you would not give your employees control over the bank account you should think twice about giving them control over your intellectual property and confidential information.
Roselyn Knight is a partner at the London employment law practice of Gannons and specialises in employment law and increasingly advising on matters relating to information technology related risks. Roselyn works with employers to implement effective policies suitable for a modern office. Please do call Roselyn on 0207 438 1062.