Page 10 - San Antonio Vol 1 No 1
P. 10

TIFFANIE CLAUSEWITZ | Business Law
What to Know When Adding a Bring Your Own
Device Policy
Wehave all become attached to our cell phones, integrating them into our daily lives in ways our parents could not have fathomed. However, with the ability to do more at the touch of a button comes the expectation of immediate, constant communication. In order to meet this demand, lawyers and their employees are using mobile devices and other technology every day, all day, both in and out of the o ce – and the devices they uses are usually their personal ones. While allowing this use of personal devices for work purposes has distinct advantages – employees appreciate the convenience, e ciency, and  exibility brought about with personal device usage, and employers appreciate the ability to save on the expense of purchasing and updating devices – permitting the use of personal devices for work
purposes raises a host of unique issues.
Bring Your Own Device (BYOD) policies, governing
the use of personal devices for work purposes, o er ad- vantages for both employees and employers. However, BYOD policies also present a plethora of unique challeng- es to an employer, including data security, privacy, and wage and hour issues. An e ective BYOD policy addresses your employees’ desire for  exibility and balances them with the legal and cultural needs of your o ce. Below are the predominant risks of BYOD policies, along with a few suggested ways to address these issues through e ective policy implementation.
DATA SECURITY.
Con dential and proprietary information is secured on company devices for a reason. If employees are allowed to access and hold corporate data on their personal devices, the data can be (intentionally or unintentionally) compro- mised if the employer does not have clear security mea- sures and requirements in its BYOD policy. For example,
so ware, intellectual property, con - dential and/or proprietary information could be lost or stolen through employee negligence when the employee fails to take proper precautions, thus resulting in lost and/or stolen devices. In addition, losses can occur as the result of mal-
ware so ware, or if the employee becomes the victim of a phishing scam by clicking a malicious link. Other threats to data security include the use of unsecured or public Wi- Fi networks and an employee’s (or former employee’s) use of protected information for improper purposes.
Employers also have legal obligations related to their clients’ intellectual property, and personal medical and other con dential or propriety information an employee may be required to store on their own device. Ultimately, the liability for the protection of such client information falls on the company. According to Mary Akhimien in “An Employment Law Primer on BYOD Policies,” the best way to lessen the likelihood of data loss and security breaches is by educating employees on the importance of sustain- ing strong passwords, varying passwords, and encrypting data stored on the device. A BYOD policy should clearly state the company’s ownership rights to any data on the device pertaining to the company, and require employees to back up company data and notify the employer as soon as possible in the event their personal device is lost, stolen, or damaged.
PRIVACY.
An employer must carefully balance its duty to safe- guard its corporate data with employee privacy rights. Some companies have turned to Mobile Device Manage- ment (MDM) so ware, which can remotely manage the information stored on an employee’s device, and remotely destroy the data if necessary. Employee privacy is still an issue being explored in the courts; however, according to the National Conference of State Legislatures, 26 states plus District of Columbia and Guam have protections of social media in their state statute that applies to employ- ers. Other privacy protections may also apply to an em- ployee’s data on the device, such as healthcare information or privileged communications between his or her doctor, attorney or spouse.  e best practice for mitigating these privacy concerns in a BYOD policy is to clearly state in your policy the employer’s and employee’s rights and re- sponsibilities, including what information can be accessed by the company, and what will happen if the device is lost or compromised, or if the employee leaves the company.
Tiffanie Clausewitz is a partner at Rosenblatt Law Firm and chair of the litigation section of the  rm. Since joining Rosenblatt Law Firm in 2013, she has represented regional businesses in all areas of commercial litigation, including labor and employment, contract, and real estate matters. For more information, visit rosenblattlaw rm.com or call Rosenblatt Law Firm at (210) 562-2900.
ATTORNEY AT LAW MAGAZINE · SAN ANTONIO · VOL. 1 NO. 1 10


































































































   8   9   10   11   12