As more employees use their own devices to do work, businesses need to be aware of privacy, security and intellectual property rights issues.
The current shift in working practices – from the traditional nine-to-five work day based in an office to working remotely and being connected 24/7 – has led to the rise in cloud computing and bring-your-own-device (BYOD). There are, however, certain legal, technological and commercial risks associated with this more mobile workforce and businesses need policies in place to reap the benefits.
First is the issue of privacy, especially when an employee uses their own device for work. Businesses need to put in place policies to manage personal information on BYOD effectively, as well as prevent privacy breaches.
Second is the risk of data breach. Businesses need to update corporate policies to include how and what types of work data can be stored on BYOD and how third-party consumer applications like Evermore and Dropbox can be used. Many are choosing a ‘virtualised’ approach, where no physical data is held on the device and if it is lost or stolen, it can be switched off or killed remotely. Employees must be trained to ensure they take all reasonable steps to secure their devices, including regularly updating passwords and installing virus patches.
Businesses should also be aware of intellectual property issues that can arise and review existing employment contracts to ensure that any and all intellectual property created on a BYOD, whether at work or outside, is owned by the organisation.
Other issues to look out for include:
- retention of records for litigation purposes;
- software licensing arrangements for devices, which may not extend to BYOD;
- insurance policies, which may not cover user-owned devices; and
- human resource issues such as availability of the policy, what happens when the employee ceases employment with the organisation, content and acceptable use obligations, device payment obligations and interaction with other corporate policies.