Law360 reports on a panel event held by the Association of Corporate Counsel on Tuesday to discuss the perils of allowing employees to use their own mobile devices for work purposes. Soren Burkhart of McGladrey LLP argued that “Bring Your Own Device” policies, which I have written about here, here, and here, should be called “Bring Your Own Disaster” policies because of the risks involved in allowing employees to use their personal devices for both work and personal matters. These risks include security breaches (mobile devices are easy to lose) and employee privacy issues. He suggested that employers that are considering such policies take a “measured approach,” which should include policies to address the following:
- who (employer or employee) replaces an employee’s device that has been seized for discovery in litigation;
- what happens to work data stored on personal devices after an employee leaves the company; and
- limitations on the ability of employees to access company data on handheld devices.
The key is clarity. Policies that specifically address the foreseeable issues that might arise when employees use their own devices for work and personal matters ensure that employers, employees, and courts know what to do when “disaster” strikes.