Increasingly, companies and firms are permitting their employees to use their own smartphones, tablets, and other devices, rather than issuing company-owned devices. This practice is known as “bring your own device” or BYOD.
Allowing personnel to BYOD can have many benefits including making employees more comfortable using the devices for work since they can use the devices they choose, and increased productivity as employees are more eager to work on familiar devices, even when outside the office and during non-work hours. Personnel who use their own devices usually find it easier and more convenient to perform their duties.
There are also many companies that report a substantial cost savings with BYOD policies, although some companies report that these policies have increased their costs. The companies that have incurred an increase in expenses appear to have needed to expand their IT departments to provide support for a broad range of devices.
As with most policies, with benefits come some risks and in the case of BYOD policies, these risks may be significant. Employees who use their personal devices for work may download apps without realizing some apps may pose security risks. Personnel may also upload documents or data to file transfer services, whether inadvertently or intentionally. Some firms are disabling public file transfer programs in favor of a program that is controlled by the company. Having personal and business email accounts on one device also permits personnel to more easily forward to and respond emails from their personal accounts, causing some employers to prohibit such actions.
It is difficult to control data on an employee’s personal device. In order to investigate potential problems, employers should reserve the right to monitor and inspect employees’ devices. BYOD policies should include requirements and procedures for when an employee leaves the company. Some employers require employees to submit their devices for cleanup when they leave the company. Other firms install software on employee devices that permit remote wiping of all company data from an employee’s device, which may be particularly useful if a device is lost or stolen.
BYOD policies may also complicate e-discovery collection. If a company’s BYOD policy claims ownership of all company data and information on an employee’s device, the device will likely need to be mined for responsive data. This not only increases the time, expense, and effort to collect responsive data, it also inconveniences the employee. Further, accessing an employee’s personal device runs the risk of violating the employee’s privacy.
Companies and firms that permit BYOD should thoroughly research the legal, logistic, IT, and financial issues affected by allowing employees to use their own devices, and carefully develop BYOD policies that address these issues as well as each party’s rights and responsibilities. The employer will also need to make a significant effort to educate its personnel regarding its BYOD policies. Implementation of BYOD policies should also include detailed processes and procedures for maintaining security and auditing compliance.
Ellen Lockwood, ACP, RP, is the Chair of the Professional Ethics Committee of the Paralegal Division and a past president of the Division. She is a frequent speaker on paralegal ethics and intellectual property and the lead author of the Division’s Paralegal Ethics Handbook published by Thomson Reuters.