Rachel Ashwood: Bring your own devices to work: An employment practice to be encouraged or restricted?

-

Last week, Apple posted the biggest quarterly profit ever made by a public company; a clear sign that the proliferation in use of mobile technology is not showing any sign of abating.  With more employees owning sophisticated tablets and smartphones than ever before, businesses that perhaps once thought the Bring Your Own Device (BYOD) phenomena may go away, are facing continued requests from employees to allow them to use their personal devices for work purposes.

Encourage…

On the face of this, surely BYOD is something to be encouraged?  Allowing employees to access their business e-mail account, contacts and documents outside of the office, means they can work remotely at any time of day.  The parameters of the working day are stretched, which must in turn lead to increased levels of productivity.  BYOD can also mean cost savings for organisations, if it is the employee (rather than the employer) that is purchasing the device the employee uses to staying in contact with work outside of core working hours.  Whilst potential increased productivity and cost savings are enough for some businesses to embrace BYOD, others have also seen the practice as a useful tool to enhance employee wellbeing and thereby improve staff retention rates.

Restrict…

If the BYOD debate is so clearly one-sided, why are not all businesses jumping on the BYOD bandwagon?  The answer lies in the fact that the potential benefits go hand in hand with increased security, data protection and managerial issues for employers.

Let’s take an obvious example.  What happens if an employee leaves their mobile phone on a train on their way back from work?  Clearly, losing a phone is no more likely to happen if an employee uses his phone for business and personal purposes rather than just personal use.  However, the consequences of losing work, business contacts and other confidential data are so much greater if the device is used for business use.  Or, what if an employee’s child accidentally uses his parent’s tablet to e-mail a key potential client?  Are the consequences of this just embarrassing or could they genuinely jeopardise the business?

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

Very importantly, employers are data controllers under the Data Protection Act 1998 (DPA) and as data controllers, they have a duty to ensure compliance with the DPA in respect of data that is processed.  Specifically, the seventh data protection principle requires that “appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.  The employer’s obligations apply irrespective of who owns the device upon which the data is stored and it is all too obvious to see that the employer’s responsibilities become more difficult, where the employer is not the owner of the device.

Proceed (but with caution)…

The view amongst many organisations is that having balanced the potential benefits against the perceived risks of BYOD, it is an approach to be embraced, provided that it is managed in an effective way.  Helpfully, at the end of 2014 the Centre for the Protection of National Infrastructure (CESG) published guidance for organisations that are both considering and already operating a BYOD approach.

In light of the CESG guidance and based on our experience of dealing with BYOD issues, the key issues that employers should consider in connection with BYOD are as follows:

  • Create an effective BYOD Policy.  BYOD policies are not new and whilst we certainly recommend that organisations have one, any policy will only be effective to the extent that it appropriate for the organisation and backed up with appropriate training, policing and technical support (see below).
  • Training.  Employees must understand their obligations when accessing company data from their own devices.  What additional measures are they expected to take to ensure the confidentiality of the data?  What should they do if they suspect a security breach?  What constitutes misuse of devices and importantly what is the sanction if they breach any applicable policy?
  • Policing.  As with all policies and procedures, on-going monitoring of the effectiveness of a BYOD approach will be critical.
  • Technical support.  Employers should anticipate that employees may require greater IT support initially in respect of matters that arise when using their own devices.  Compatibility issues of platforms and devices will need to be considered and thought given (amongst other things) to determining how the employees’ devices will obtain all the necessary updates they require.

Rachel Ashwood is a Senior Associate in the employment team at Taylor Vinters.

Rachel Ashwood is a Senior Counsel at Mishcon de Reya LLP, specialising in employment law. She brings extensive experience in advising on both domestic and international employment issues, with a career spanning over 11 years in the legal sector. Previously, she held the position of Senior Counsel at Taylor Vinters LLP, where she developed deep expertise in employment law matters. Her professional focus encompasses a broad range of employment-related advice, serving both business and individual clients across complex employment disputes and advisory work.

Latest news

Lucy Standing: Older workers are back in the centre of the hiring debate – ready to lead the response?

For HR leaders, the argument is simple: the people being filtered out of your hiring process are not past their best.

One in 10 women quit work after pregnancy loss, report finds

Research suggests inconsistent workplace support following pregnancy loss and maternity leave is contributing to resignations and poorer mental wellbeing.

Fear of becoming obsolete grips workers as AI reshapes careers

More than two in five workers worry their skills could become outdated as AI reshapes hiring demands and increases pressure to keep learning.

Ford rehires 350 engineers after AI fails to deliver

Carmaker says veteran engineers have helped improve quality, mentor younger staff and retrain AI systems after automated checks fell short.
- Advertisement -

Low harassment reporting may hide workplace misconduct, employers warned

Low workplace harassment reporting rates may reflect a lack of trust in reporting systems rather than an absence of misconduct, new research suggests.

Jennifer Liston-Smith joins Halo Workplace Nurseries board

HRreview columnist Jennifer Liston-Smith has joined Halo Workplace Nurseries as chief purpose officer to help develop its workplace nursery compliance platform.

Must read

Sarah Baker: Generation Y – The post interview interview

So you have gone through the arduous recruitment process...

Simon Girling: How to get the best out of your recruitment process

Simon Girling, founder of Girling Jones Recruitment, an agency which focuses on recruitment in the construction sector, discusses his top five tips for a smooth-running recruitment process.
- Advertisement -

You might also likeRELATED
Recommended to you