About a year ago, I discussed Bring Your Own Device (BYOD) trend as it was starting to gain popularity in the companies worldwide. The trend has definitely taken over the workplaces across Australia and the opinions are divided when it comes to its effectiveness. Many believe the legal burden is just too big for companies to bear. Others think the benefits outweigh the disadvantages. However, this really varies from one organisation to the other and the specific situations.
BYOD offers many advantages to both companies and its employees. Some of them include allowing workers to be mobile which can increase their productivity, reducing capital expenditures of companies, increasing employee satisfaction because they have the ability to use the devices they wish to use, and so on. However, there are things to be concerned about when it comes to this trend and most of them include security issues.
The biggest disadvantage is that the company loses control over the device but some level of control still needs to exist. One of the main problems we see is that many companies don’t know how to deal with BYOD and its legal implications. It is extremely important to be aware of all the BYOD security issues and set appropriate policies that will ensure there is a way to deal with these issues, if needed.
In order to fully address BYOD and clarify the policy associated with it, companies need to be really precise and fully understand all the implications. It would probably be a good idea to work with a legal team that is knowledgeable in this matter. Expert advice will ensure protection for both the company and its employees.
Some of the gray areas that should be included are:
Who owns the intellectual property that was created on the employee-owned device for work? Traditionally, it would belong to the company if it was created during the work hours on the company computer. But personal devices used for work are a completely different thing.
Data privacy and security – it was traditionally the obligation of a company’s IT department. Does BYOD mean employees have to take care of it themselves? What if the measures they have undertaken don’t comply with industry rules and regulations?
What happens if the device is stolen? Who is responsible for the lost data? What if the employee didn’t have an appropriate backup of information stored on the device? This can potentially be a lot more damaging to the company, which is why BYOD policy needs to cover this aspect as well.
What if the employee doesn’t work at the company anymore? How can the company ensure that they will get all the necessary data and confidential information off the employee’s device? How can the organisation be sure that the employee didn’t copy the data to an external device?
There are many more concerns and they can be specific to industries and even organisations. This is why a BYOD policy needs to be strong and complete so that employees can understand it as well because they are the ones that will eventually have to comply with it.