How In-House Counsel Can Help Mitigate BYOD Risks

By Casey C. Sullivan, Esq. on March 02, 2016 | Last updated on March 21, 2019

You check your work email on your phone, have a copy of your weekly schedule on your personal tablet, and access company docs from both your work and home PCs. Welcome to the age of BYOD: bring your own device.

BYOD policies -- be they official or informal -- allow employees to bring their personally-owned tech devices to the workplace and use them to access privileged information. And with BYOD comes plenty of risk. Here's how corporate counsel can help protect against them.

BYOD Brings Significant Risks

The goal of BYOD is convenience and ease of access. There's no need to switch to a company phone when messaging colleagues, or to lug your work laptop home when plan on doing some late-night drafting. And, of course, there's the savings passed on to employers, who no longer have to issue and maintain company smartphones or tablets. But BYOD comes with a trade off.

Here are just a few examples of the complications a BYOD policy can bring:

  • All Those Texts Are Discoverable: It's now more or less routine to include texts and instant messages in eDiscovery requests. But the informal nature of texting, coupled with a more relaxed approach to communications on one's own device, could lull employees into making statements they might otherwise be more careful about. The commingling of personal and business information has led some to describe BYOD as "bring your own discovery nightmare."
  • After-Hours Email Could Be Considered Work: If you're always connected to work communications, you're always on call. And some workers, sick of answering emails off the clock, have taken to suing for back pay. Further, some courts have found that workers must be reimbursed for the costs of using their own devices on the job.
  • And, of Course, the Hacking: The more diffuse important company information is, the more vulnerable to hacking it will be. A misplaced phone or compromised WiFi connection could lead to an embarrassing and costly data breach.

Yet despite these risks, BYOD doesn't seem to be going away anytime soon. Some predict that half of employers will have mandatory BYOD policies by 2017.

Get Your Policies and Data Management in Order

Having clear, easy-to-understand BYOD policies can help mitigate against some of these risks. Employees should be informed that their communications could become the subject of litigation and trained on proper communication protocol.

Those policies should also touch on when it is acceptable to use your own devices for work purposes and when it is not. Consider as well whether you'll need to cover employees' device costs either outright or in part.

As always, such policies should be clearly explained and consistently applied.

You'll probably want to implement a mobile device management strategy as well. So-called "MDM solutions" can help you monitor data usage, prevent misuse of devices, and protect certain types of confidential or regulated data. They can even send employees notices to knock it off when they're playing Candy Crush on company time. And, perhaps most importantly, a good MDM can regularly and selectively wipe corporate data from individual devices, while retaining data for company records.

FindLaw has an affiliate relationship with Indeed, earning a small amount of money each time someone uses Indeed's services via FindLaw. FindLaw receives no compensation in exchange for editorial coverage.

Related Resources:

  • The Ten Commandments of BYOD (MaaS360)
  • BYOD e-Discovery Risks: Implementing Policies and Procedures (FindLaw's In House)
  • Does Your Company Need an After-Hours Email Policy? (FindLaw's In House)
  • 3 Ways In House Counsel Can Facilitate Innovation (FindLaw's In House)
  • Copied to clipboard