With technology developing at an ever increasing rate a particular matter for employers is whether or not they should allow employees to access company information from their own personal devices. This is known as Bring Your Own Device (“BYOD”) or Bring Your Own Technology (“BYOT”).
With the proliferation of smart phones many businesses feel that they are unable to stop employees from bringing such devices into the workplace. Some employers are allowing the use of personal devices for work purposes and contributing to their cost. Reasons for doing so include:
- Improved staff morale
- The perception that the employer is forward thinking or even technologically advanced
- The flexibility amounts to a kind of perk or benefit
Along with the perceived benefits there are risks, such as;
- Damage to IT systems and corporate reputation
- Loss of confidentiality (relating to personal information of staff or customers)
As the device is owned and maintained by the user, rather than the employer, the employer will have significantly less control over the device than a device owned by the company.
An employer who is considering the implementation of BYOD should consider implementing security measures to prevent unlawful or unauthorised access to the businesses systems. This could be in the form of requiring a strong password, use of encryption technology or ensuring that the device will lock if incorrect passwords are entered.
Away from the technology, employees should be trained on the use of the devices and what information should and should not be stored on such devices.
With those points in mind employers would be advised to introduce a BYOD policy to govern how the system is to work and what rules the staff should abide by. Such a policy should:-
- Set clear rules on how devices should be used
- Explain what data should be kept and what data should not
- Explain if and when monitoring will take place
- Explain what is to happen on the loss of a device
- Set out security requirements
- Clarify who owns the device particularly if the employee receives an employer contribution
- Set out what will happen on the termination of employment
- Require that passwords be shared on a reasonable request
Finally, the employer should take steps to train their staff on the standards that are expected of them.
This briefing has been produced for information purposes only and is based on the law and other information available at the time of writing. We cannot be held responsible for any losses incurred through acting or failing to act on the basis of anything contained in this briefing.
If you require advice on any of the matters referred to, please contact us so that we can advise you, taking account of your own particular circumstances and requirements.