By Jo Davis, Partner, Employment, B P Collins LLP
There has been a significant rise in businesses implementing Bring Your Own Device (BYOD) strategies. This comes as no surprise following research by Cisco which revealed that of today’s Generation Y; around 90% check their smartphones first thing in the morning – reinforcing the fact that today we are in an ‘always on’ environment. Whilst BYOD can bring a number of benefits to businesses, including cost savings, there are some steps every organisation should take before implementing it organisation-wide:
1. Put a policy in place: The first step is to draw up a reasonable, binding policy on BYOD to protect both businesses and employees. This will ensure that all risks are addressed and managed effectively. For example – what will happen if there is a data breach; who will be liable? What happens when a member of staff leaves or is suspended? Which applications are staff permitted to use? Furthermore, a fair and reasonable BYOD policy will be viewed more favourably should a case go to court.
2. Protect your data: The Information Commissioner’s Office (ICO) has previously released guidance on BYOD in terms of compliance with the Data Protection Act. This includes personal information belonging to the individual, as well as customer and client data to ensure that data is stored securely. It also covers areas such as monitoring of devices, personal usage and whether data can be deleted if any breaches take place.
3. Back up, back up, back up: We all know how devastating it can be when we find ourselves without our mobile phones – whether through loss or an accident, it’s essential that devices are backed up. Any BYOD policies should cover this to ensure critical client data isn’t lost in such an instance.
4. Avoid the perils of free Wi-Fi: There has been a great deal in the press recently with regards to safeguarding data via free Wi-Fi hotspots. General advice is not to share sensitive data over public Wi-Fi as there has been an increase in misuse. The ICO’s advice is to ensure that devices are locked with strong passwords and encryption is used where possible. Any transfer of data should be done via a secure channel. Security breaches can be deadly, so ensure your policy covers this.
5. Practice a work/life balance: Don’t forget that not all employees will want to be connected to their devices 24/7. Whilst BYOD can increase productivity, it can also be detrimental to an employee’s health and wellbeing as they feel under pressure to work from home in the evenings and at the weekend. At the same time, some employees prefer to have access to emails and other correspondence so they can be kept in the loop on work matters whilst they’re on leave or out of the office. It’s advised to give employees a choice as to whether they bring their own device.
With the cross-over of an employee’s personal mobile being used for business, employers must consider the legal implications. By working in close partnership with a trusted legal advisor, organisations can be advised on developing their own policies on BYOD to ensure all risks are addressed and managed effectively.