Companies, big and small, spend a large amount of resources on IT infrastructure, IT logistics, and IT support. A quality workforce could become disorganized and swiftly crumble if employees cannot communicate quickly and effectively. This IT burden is a significant and often costly one, to which many companies dedicate a vast amount of human and financial resources. In an effort to alleviate some of this burden and stay competitive in the marketplace, companies, especially many small businesses, have started to develop and implement bring-your-own-device (“BYOD”) policies.
A BYOD policy is fairly straight forward. Rather than providing company owned electronic devices (e.g., a smart phone, tablet, and laptop) to employees, an employee is simply allowed to use (i.e., brings to work) his or her personal electronic devices. A BYOD policy eliminates the proverbial company-provided device. In a BYOD workplace, the company provides the hardware and storage for the information, and the employees provide the devices through which that information is accessed.
It gives employees freedom to choose. A BYOD policy allows employees to choose the type of device they want. It is difficult for companies to be flexible in their technology offerings. Most hardware only becomes affordable when bought in relatively large quantities. And no matter what the option is, no single option will ever please everyone. Just ask the next person you see with an iPhone if he or she would mind switching to Android, or Nokia, or anything besides the iPhone. With a BYOD policy, employees are free to choose their own device—relieving the company of that decision.
It is also less expensive for the employer. A BYOD policy can significantly reduce day-to-day IT costs, as well as upfront costs for smaller or emerging companies. For example, think of all that comes with just one smart phone: the phone, a charger, multiple cables, an equal number of adapters, replacement parts, stands/cases/covers, and the nearly constant managing of firmware and software updates. A BYOD policy can significantly, if not entirely, reduce these hassles and costs.
BYOD policies are a recent invention, so unfortunately there isn’t yet a well-established body of law. In fact there aren’t any publicized disputes or litigation in which a BYOD policy took center stage. But the scenarios that could trigger such disputes are not difficult to imagine:
Who owns the phone number? On their personal devices, sales employees make hundreds of calls a day to current and prospective clients. An employee leaves the company, but clients continue to call the former employee on what they believe is a company phone number. Can the company obtain the rights to the former employee’s phone number? Did the former employee relinquish the rights to his personal phone number by using it at work?
Does checking e-mail count as overtime? This is already a hot topic in employment law. Over 200 police officers recently filed a lawsuit in Chicago claiming that they are owed millions of dollars in unpaid overtime for checking e-mails and taking calls on city-issued BlackBerrys, outside of normal working hours. BYOD policies grant hourly employees tremendous freedom to check e-mails outside of normal working hours. But both employees and their employers must remain vigilant to ensure company policies and wage and hour laws are followed. As with any workplace issue, employees should be encouraged to ask, and employers should be prepared to answer, questions about how to handle work e-mails and telephone calls outside of normal working hours.
E-discovery. The ever-expanding realm of e-discovery would certainly include most personal devices used as part of a BYOD policy, for example, parties may be responsible for the preservation and collection of the information stored on the personal devices. That preservation and collection of information on a personal device comes with its own questions, concerns, and analysis that must be carefully considered.
There are many ‘standard’ workplace policies: policies forbidding harassment and discrimination, vacation and sick leave policies, and discipline policies. BYOD policies, however, are typically company and situation specific. That said, a good BYOD policy should have some form of the following:
Lastly, there are applications/software available that create internal ‘firewalls’ on personal devices. These firewalls prevent the combining of company and personal data. The applications/software can also provide other security benefits, such as the remote locking or remote wiping of devices. Whether an employer makes use of these types of applications/software will depend on an employer’s specific needs and technological capabilities.
The body of law surrounding these issues will develop as litigation surrounding BYOD policies becomes more and more common. No doubt garden-variety tort claims will focus on the privacy interests of the employee, with other tort claims based on theories of trespass, conversion, and emotional distress (just imagine the emotional distress stemming from the mysterious deletion of vacation photos or a Facebook account from a device used as part of a BYOD policy). A number of federal laws could also be implicated, likely including: the Wiretap Act (18 U.S.C. §§ 2510–2522); the Stored Communications Act (18 U.S.C. §§ 2701–2712); and Section 1030 of the Computer Fraud and Abuse Act (18 U.S.C. § 1030). Notably, Section 1030 is a two-way street; employers have successfully brought counterclaims against employees for alleged violations of Section 1030. The extent to which attorneys will have success using Section 1030, or any cause of action, as it relates to a BYOD policy remains to be seen. But one thing is clear, technology in the workplace is here to stay. So we should not have to wait long to get our answers.
Zachary Busey is a member of the Labor & Employment Department at Baker Donelson Bearman Caldwell & Berkowitz PC in Jackson. Zachary can be reached at firstname.lastname@example.org.