Practice ‘bring your own device’? Here’s how to avoid legal trouble

The illusion of privacy in the ever-changing world of technology is a growing issue for businesses and startups. Trends such as big data and BYOD (“Bring Your Own Device”) present increased compliance risks that employers and employees may not be ready to handle.

As part of Philly Tech Week 2014, Pepper Hamilton‘s Emerging Growth Practice Group – which provides legal counsel to entrepreneurs, startups and early stage companies – is hosting an event called “BYOD – Bring Your Own Device: Liability and Data Breach Sold Separately” today, Tuesday, April 8, from 10:00 a.m. to 12:00 p.m.

Pepper Hamilton also hosted an event called “Between You, Me and Mark Z.: The Illusion of Privacy in Social Networks and What My Company and I Can Do About It” Monday.

The “Bring Your Own Device” (BYOD) trend has risen dramatically in the last year, but with its increased use comes risks that employers and employees are not equipped to manage. Employers should practice the following in order to avoid unnecessary legal implications:

• Know your data. Companies should be aware of the type of data – particularly regulated data like health or financial information – that can be stored on or accessed by employees on their mobile devices and whether or not it can be transferred to cloud-based file-sharing applications.
• Know your employees. Companies should know and keep track of which employees really need access to sensitive company data from their mobile devices and what use such employees need to make of the data. It is also important to ascertain which of those employees are entitled to overtime payments.
• Tell your employees. It is important to devise a clear BYOD policy, which will preferably be a stand-alone document. The document should clearly address issues, including the following, and will seek the employees’ consent for the provisions:
  • Who is eligible to the program and entitled to bring their own device
  • Regulated data on mobile devices should be handled as sensitive and confidential information
  • Have strong security measures on the mobile phone (strong password, encryption and segregation of data)
  • End-of-term policy – return of the device and remote wipe of the information
• Train your employees. The force and effectiveness of a BYOD policy should be integrated and maintained through employees’ continuous training of the provisions within the policy as well as the privacy and data security aspects underlying the policy.