There is a great deal of discussion about the advantages and disadvantages of the policy of allowing employees to use their own mobile devices, primarily smartphones, instead of employer-issued devices that are to be used solely for work purposes. This policy, known as “bring your own device” (BYOD) can make employees happy, but it also presents a number of issues that should be explicitly addressed by employers before they adopt any policy. The biggest issue that companies face revolves around how to secure their data on the phone and protect it from misuse. With BYOD, the employer loses a degree of control over the device and its contents, yet remains legally liable for the consequences of a data breach. It suffers the same damage to its brand and reputation whether the data breach occurred on a company-owned device or an employee-owned one. However, while this is an issue that gets center stage, there are others that are also important.
Issues To Consider
There are human resource issues that arise that need to be considered. An ill-considered policy can create legal liabilities under federal and state laws, as well as create human resources issues that affect employee satisfaction, trust, recruitment and retention. This e-guide will address some important human resource implications that arise from the adoption of BYOD. As background, it is important that we understand what BYOD is and what led to its widespread adoption. BYOD is the acronym for Bring Your Own Device to Work. “Device” can refer to a laptop, tablet, or smartphone. Most frequently, however, the BYOD issue arises over the use of mobile phones. As it became more common for everyone to own their own mobile phone in the start of the 2000s, an issue of convenience began to arise. Employees who had company-issued phones now had to carry two devices 24/7: their own and their employer’s. This clearly isn’t the height of convenience. If the devices were not identical it would mean mastering two different operating systems. As a result, a movement arose to allow individuals to use their own phones for work-related demands and drop the employer issued one. Although not as prevalent, the issue can come up with the use of personal laptops and tablets for work use.
Why would employees want this when their employer is footing the entire bill for a company issued phone or laptop? It is mostly convenience and the freedom of personal choice. Because we use electronic mobile devices 24/7, we blur the lines between work and personal use. At any point, we may be answering a work email and texting to a family member. It just becomes impractical to have the two physically segregated. That said, there are also reasons individual employees may have strong objections to a required BYOD, not the least being personal privacy. So what’s an employer to do? The answers aren’t easy and will differ for each organization. A wide calculus of issues enter into the final decision to allow BYOD and there is no right or wrong answer.
However, it is important that the decision be made by a management team that is fully informed of all the issues surrounding BYOD. The worst thing is to just adopt the approach with no policy to constrain BYOD device usage. Without proper guidelines, policies, and tech support, the company exposes itself to privacy, human resource, and data breach vulnerabilities. This e-guide will look specifically at the human resource implications of BYOD.
The first question likely to arise is “Who pays for this?” Does the employer get a free ride while the employee uses the device they bought for themselves? That hardly seems fair. Should the employer pay the full price or pay a portion of the cost? And what about individuals who refuse to provide their own device–how will that be handled? These questions raise human resource issues of whether employees perceive they are treated with fairness and equity. However, reimbursement is not just a question of fairness: there are legal issues involved. For example, California and Massachusetts have laws with specific requirements to reimburse employees’ business-related expenses. Smartphone expenses for work-related uses would clearly fall under the purview of these regulations. BYOD will require that companies get legal advice when determining how much of a device’s up front cost and data plan have to be paid for by the employer. Failure to do so could violate state laws. FLSA – A second area that could raise legal problems is the handling of exempt and non-exempt employees under the Fair Labor Standards Act (1938). The FLSA creates a framework for paying wages above the law’s definition of a forty hour work week that includes overtime pay for work performed beyond that threshold. Under FLSA, two basic classes of workers are defined: those employees who must be paid overtime when working in excess of forty hours (non-exempt employees), and those who are not required to be compensated for work done beyond the 40 hour limit (exempt employees).
The problem FLSA presents is that non-exempt employees must be paid for all work, including any work activity outside regular working hours. An example of the liability that is created for an employer are employees who respond to texts and emails from home outside “office hours”. This is compensable work and needs to be counted under the 40 hour threshold. This presents no problem for an exempt employee but is avery real issue for non-exempt employees. One solution may be to forbid the use of the device for work-related activity outside of specified regular work hours. Another solution is to only permit BYOD solutions be provided to exempt status employees. That could mean that the use of employer-issued devices by non-exempt workers would not be permitted outside of working hours or may need to be stored at the workplace and not taken home. A third solution may be device management technology, often referred to as MDM, which allows the partitioning of work and personal data on individual devices. This technology could be used to limit access to, or use of, work data and applications during certain times.
A managed service provider would be an excellent resource for determining MDM as a solution to FLSA issues. Whatever solution you adopt, it is very important that you define strict written policies that keep you within the requirements of the FLSA. Finally, there is a privacy issue. Extreme dissatisfaction with privacy policies could damage employee satisfaction and the trust necessary to maintain apositive employer-employee relationship. Extreme dissatisfaction could also lead to retention issues, a major human resource management concern.
With BYOD, employers have sincere concerns about the privacy of their data contained on devices over which they do not have complete control. To what extent can they monitor and have complete access to the device in order to update software and secure their own data? From the employee perspective, the biggest concern about BYOD is the privacy of their own personal data. Employees fear company access to video, health records, photos, private emails, texts and other data. What about GPS tracking? Can the employer track employee whereabouts?
These are issues too complex to answer here, but it is important to raise them so that you can adopt BYOD with eyes wide open. Design policies that ensure you are not in violation of either federal and state wages laws and state reimbursement policies. And while the laws may be less clear regarding privacy policies and company monitoring of BYOD devices, it should be recognized that ill-defined policies or ones that are perceived to be excessively invasive of employee privacy could create serious human resource issues, particularly in the areas of employee satisfaction, recruitment and retention.