Kevin Levy is a shareholder with the law firm Gunster. He is a business and corporate attorney with extensive experience providing strategic counseling for global corporations, technology enterprises and entrepreneurial ventures. Tanya M. Reed is an associate attorney with the law firm Gunster who concentrates her practice in labor and employment litigation. They contributed this article to BusinessNewsDaily's Expert Voices: Op-Ed & Insights.
Each year, employers must adapt to and address a new employee trend, or risk either losing quality employees or subjecting themselves to preventable claims. The latest trend in the workplace is the bring-your-own-device (BYOD) movement. In an era when the number of employees carrying smartphones, tablets and other devices with them at all times is increasing exponentially, it is imperative that all employers understand the challenges and risks associated with BYOD, and know the best measures they can implement to protect their businesses.
There are two primary types of challenges and risks that an employer must understand and consider when deciding how to address the BYOD trend. First, employees who use their devices for work often use these devices to access and store company trade secrets, as well as other confidential and proprietary information, even though their employer may not own or control the network or the device used for transmitting, receiving and storing this sensitive information. If an employee loses such a device, or the device is hacked, a data-security breach can occur that can have a significant adverse impact on the employer, as well as its customers and business partners. Even worse, this may occur without the employee knowing about it or reporting the incident, and the employer may never know confidential information was breached. [What is BYOD (Bring Your Own Device)? ]
To address the concern of protecting customers' personally identifiable information, 46 of 50 states have enacted statutes that impose a duty to disclose a breach to customers, and some states have gone further and imposed a duty on a business to safeguard and securely destroy electronically stored personally identifiable information.
To mitigate the potential claims, damages and loss of goodwill associated with that first type of risk, employers must act immediately to review the way mobile devices are used by their employees, and to implement reasonable data-security measures. Those efforts must protect confidential and proprietary information, as well as the confidential and proprietary information of customers and business partners.
Second, employers could face employee claims if they do not carefully monitor the use of mobile devices and do not have detailed policies in place to govern the use of mobile devices. These claims may be related to wage and hour issues, or the destruction of personal property.
For example, certain classifications of employees may be due overtime pay if they access and use their mobile devices after-hours for company purposes. Also, problems could arise when an employee no longer works for the employer and the employer wipes the former employee's mobile device of any company information that may be on the mobile device. If the employer did not obtain the employee's prior (written) consent before taking such action (and consent, at a minimum, should be obtained at the start of the employment relationship), then the employer may be subject to claims from the former employee for destroying the employee's personal information also residing on the mobile device.
The risks associated with those types of claims can be mitigated by having detailed policies and procedures in place to address those types of issues. Such procedures include an active plan to notify employees, on a regular basis, of the employer's policies about wiping mobile devices containing company information when those devices are lost or breached, or in the event of termination of employment. An employer's policy should also require that nonexempt employees cease using their mobile devices for company purposes during off-the-clock periods.
Make no mistake about it: The BYOD movement has real consequences for your business. Proactive employers will be in the best position to secure their confidential and proprietary information, and significantly reduce their risk of liability.
The views expressed are those of the author and do not necessarily reflect the views of the publisher. This version of the article was originally published on BusinessNewsDaily.