BYOD (Bring Your Own Device) is a subject every company must think about these days. Whether or not the enterprise likes the idea of allowing employees to connect their own smart phones, tablets, and other devices into the corporate systems, the fact is workers are going to do it. One survey found that 46.8 percent of employees use their own smart phones on the job, and 30 percent of those users do so in direct violation of the stated policy of their company.
When employees use mobile devices for company business, the company may find itself facing potential legal liabilities for which it may not be prepared. Here are a few of the most prominent:
Fair Labor Standards Act (FLSA) compliance
Many employees love being able to tap into the corporate network from their own device because it gives them flexibility regarding when they can get work done. For example, they can read and answer emails late at night if that fits their schedule. But if an employee is non-exempt, the FLSA requires that any work over 40 hours be compensated as overtime. Companies must ensure that any such extra-hours work is recorded and paid.
Notification of data breaches
When an employee leaves the company premises with a mobile device that has access to the firm’s network or systems, confidential data may also be leaving the premises. If, for example, a smart phone is lost or stolen, the company’s data may now be insecure. In such cases, the employer may have a legal obligation to report a potential data breach to customers or government authorities.
When company data, including texts and emails, is stored on an employee’s device, that information may be subject to discovery in the event of litigation or other types of legal proceedings. The employer must ensure that such data is preserved. One company was slapped with a fine of more than $900,000 because employees had not been required to save job-related text messages stored on the workers’ phones.
These examples of just some of the legal liabilities employers may face when their workers access corporate data through their own devices illustrate the point that every company needs a well thought out BYOD policy.