Bring-Your-Own-Device Policies: What Employers Need to Know
By: Brent Sedge
Chances are good that you’re reading this on a smartphone or other mobile device. It’s also likely that a great deal of your workforce currently uses their smartphone or other mobile device in performing job duties. As such, many employers are either expressly or impliedly implementing Bring-Your-Own-Device (BYOD) policies that allow workers to use their own devices for work-related tasks.
While these policies can certainly lower an employer’s overhead costs, improve efficiency, and provide employees with greater flexibility, they are not without risk. Let us take a look at just two of the important legal issues that arise through employees’ use of their personal electronic devices for work.
Every employer knows that non-exempt workers protected by the Fair Labor Standards Act (FLSA), and sometimes complementary state laws, must be compensated with overtime pay for any time worked beyond 40 hours in a regular workweek. What many employers may not realize, however, is that an employee’s time spent responding to work-related emails or text messages—even on their personally owned device—may be compensable time under the FLSA.
The FLSA requires overtime pay whether that work is done at the worksite or at home. The statute also requires that an employer keep accurate records of a non-exempt employee’s time spent working—even if that time is spent responding to work-related emails on their own mobile device. For example, a Texas court found an employer liable for failing to pay overtime to an employee for, among other things, using her personal cell phone to coordinate provider visits.
An employer should consider implementing policies and procedures to ensure that its workers report off-hours time spent responding to work-related emails on their own mobile devices.
In order to obtain legal protection of its trade secrets, an employer must be vigilant in protecting their trade secrets and confidential information. This task was difficult even in the typewriter-era, when key customer lists and formulas were kept under lock and key. Now, with the emergence of BYOD policies, employers must be even more attuned to the threat that an employee’s use of personal devices may have to their confidential information and trade secrets.
It is likely that an employee’s personally owned device is less monitored than a company-issued device. Furthermore, an employee may have a personally owned device automatically set up to sync with private data-sharing or cloud-storage services. Client contact information, which may constitute company property, may be synced with a personal account (i.e., iCloud, Google Play, etc.)
To avoid any of these legal pitfalls, employers should issue written BYOD policies (either in a handbook or employment agreement) that clearly state the following:
- The employer owns all work-related information on an employee’s personal device;
- The employee must return all work-related information stored on a personal device when the employment relationship ends and provide a certification that this has been done; and
- The employer has implemented these policies to safeguard its trade secrets.
Employers may also want to consider technically-focused steps to maintain the secrecy of work-related information on its employees’ personally owned devices. For example, Mobile Device Management software can be used to remotely delete work-related information from a former employee’s personally owned device.
Employers must ensure that they remain in compliance with the FLSA and similar state laws, even when an employee is on their personally owned device. Likewise, an employer must consider what measures it is taking to maintain the secrecy of its trade secrets against considerations of convenience and flexibility to employees that comes with BYOD policies.