Startups
Guest posts / Legal / Philly Tech Week

Practice ‘bring your own device’? Here’s how to avoid legal trouble

The "Bring Your Own Device" (BYOD) trend has risen dramatically in the last year, but with its increased use comes risks that employers and employees are not equipped to manage. Employers should practice the following in order to avoid unnecessary legal implications.

By:
Editor headshot
Editor@technical_ly
Apr 8, 2014 7:30am
This guest post is part of a media sponsorship related to Philly Tech Week, which Technical.ly Philly organizes. This post is written by Odia Kagan, an attorney in the Corporate and Securities Practice Group of Pepper Hamilton LLP, resident in the Philadelphia office. Her experience includes the representation of technology and start-up companies from formation in various aspects of doing business in cyberspace and advising companies on issues relating to privacy and data security.

The illusion of privacy in the ever-changing world of technology is a growing issue for businesses and startups. Trends such as big data and BYOD (“Bring Your Own Device”) present increased compliance risks that employers and employees may not be ready to handle.

As part of Philly Tech Week 2014Pepper Hamilton‘s Emerging Growth Practice Group – which provides legal counsel to entrepreneurs, startups and early stage companies – is hosting an event called “BYOD – Bring Your Own Device: Liability and Data Breach Sold Separately” today, Tuesday, April 8, from 10:00 a.m. to 12:00 p.m.

RSVP

Pepper Hamilton also hosted an event called “Between You, Me and Mark Z.: The Illusion of Privacy in Social Networks and What My Company and I Can Do About It” Monday.

The “Bring Your Own Device” (BYOD) trend has risen dramatically in the last year, but with its increased use comes risks that employers and employees are not equipped to manage. Employers should practice the following in order to avoid unnecessary legal implications:

  • Know your data. Companies should be aware of the type of data – particularly regulated data like health or financial information – that can be stored on or accessed by employees on their mobile devices and whether or not it can be transferred to cloud-based file-sharing applications.
  • Know your employees. Companies should know and keep track of which employees really need access to sensitive company data from their mobile devices and what use such employees need to make of the data. It is also important to ascertain which of those employees are entitled to overtime payments.
  • Tell your employees. It is important to devise a clear BYOD policy, which will preferably be a stand-alone document. The document should clearly address issues, including the following, and will seek the employees’ consent for the provisions:
    • Who is eligible to the program and entitled to bring their own device
    • Regulated data on mobile devices should be handled as sensitive and confidential information
    • Have strong security measures on the mobile phone (strong password, encryption and segregation of data)
    • End-of-term policy – return of the device and remote wipe of the information
  • Train your employees. The force and effectiveness of a BYOD policy should be integrated and maintained through employees’ continuous training of the provisions within the policy as well as the privacy and data security aspects underlying the policy. 
Companies: Pepper Hamilton
Engagement

Join the conversation!

Find news, events, jobs and people who share your interests on Technical.ly's open community Slack
Trending

Philly daily roundup: Women's health startup wins pitch; $204M for internet access; 'GamingWalls' for sports venues

Philly daily roundup: East Market coworking; Temple's $2.5M engineering donation; WITS spring summit

Philly daily roundup: Jason Bannon leaves Ben Franklin; $26M for narcolepsy treatment; Philly Tech Calendar turns one

Philly daily roundup: Closed hospital into tech hub; Pew State of the City; PHL Open for Business
Technically Media