Bring your own device (BYOD)
The policy, the practice and the risks
BYOD (bring your own device) is becoming an increasingly popular practice among Irish businesses. Many Irish employers are allowing workers to use their own electronic devices for work tasks. It may be their laptop, tablet, smart phone or external storage device.
It can have both financial and ease of use advantages. If the employee is already familiar with the workings of the device, this can help increase productivity. It can also help reduce IT equipment and software costs.
So what are the risks ?
The major risk involves the use of confidential information. The information may relate to your own business processes or those of your clients/customers. The bottom line is that a breach of confidentiality can have a catastrophic impact on your business. The negative publicity that attaches to a loss of confidential data can cause your company to lose business, current and future. You may also face a large fine for breaches of Data protection legislation. The data controller is held responsible, in the event of a breach.
The employee's right to privacy is also a major factor to be taken into account when considering the benefits of a bring your own device policy. Make sure that you have robust measures in place to protect the divide between the employee's personal data and that of the organisation.
What should be in a BYOD policy?
For a bring your own device policy to be effective it must be clear and unambiguous.
It should lay out, as transparently as possible, what private data is monitored and how this is executed. How the monitoring software operates, should be explained in detail to the consenting employee. That way the employee gives an informed consent.
What happens if the device is lost or sold? You should consult with your IT expert to ensure that you are employing best in class security measures in relation to data protection. Has all confidential data been removed from the device? Simply deleting it will not work. You should seek professional help and advice as this area is subject to constant updates.
Your policy should outline the different uses applicable to work and private use of the device.
Who owns the Intellectual property?
Your intellectual property policy should be reviewed in the light of the introduction of a BYOD policy.
Employees should receive training in the implementation of the BYOD policy. They should be made aware of the acceptable uses, data protection requirements, employee monitoring using the device, what happens to the device and any data in the possession of the employee upon termination of the contract of employment.
Each organisation needs to develop a policy tailor made for its individual requirements. There is no “one size fits all” approach .
Spread the knowledge. If you found this article useful, please like and share using any of the social buttons below.