act 2014 business or pleasure the challenges of bring your own device policies in the workplace
TRANSCRIPT
Business Or Pleasure: The Challenges Of Bring Your Own Device Policies In The Workplace
Dylan W. Wiseman
Littler Mendelson, P.C.
Lingo:
Dual Use Mobile Devices and BYOD
• BYOD = Bring Your Own Device
• Dual Use Mobile Device: Mobile device used to
create, store and transmit both personal and
work-related data
• Some Other Terms:
– BYOC: Bring Your Own Computer. Programs that add
laptops to the covered devices
– BYOA: Bring Your Own App. Per Gartner Group, 145
new mobile apps were downloaded per second in Q4
2012
2
What Are Employees Doing?
Consumerization of IT
• 62% of full-time workers
own smartphone
• 33% of full-time workers
own tablet
• Time spent on a mobile device each day
by U.S. adult has quadrupled from 2009
(22 minutes) to 2012 (88 minutes)
(USA Today 3/7/13)
3
What Are Employers Doing?
• 55% of IT managers have made exceptions for “specialized
members,” i.e., top executives to use their choice of devices and
software (2013 iPass MobileIron study)
• 55% of IT directors will actively accommodate and encourage the use
of personal devices (Citrix Study 2012)
• 81% of respondents accommodate personal devices in the workplace
(2013 iPass MobileIron study)
• 54% of respondents had a formalized BYOD policy (2013 iPass
MobileIron study)
4
• IBM
– 80,000 employees
– IBM CIO: “If we didn’t support them, we figured [employees] would figure out how to support [the devices] themselves.
• Intel
– Started program in 2008
– Now encompasses 24,000 devices, about 90% of these are smartphones
– Uses multiple security levels for access to different categories of documents
• Sybase
– 20 different phone options
– Employees buy and own the phones, but Sybase pays for the monthly service contract
• Citrix
– $2,100 stipend to purchase a laptop of their choice and a 3-year warranty.
– Company owned cost was $2,600.
– Adoption rate of about 20%.
Tech Companies Taking The Lead
5
What Are Employees Doing?
How do you use your smartphone?
Source: The iPass Global Mobile Workforce Report, http://mobile-workforce-project.ipass.com/cpwp/wp-
content/files_mf/ipass_mobileworkforcereport_q3_2011.pdf
6
What Are Employees Doing?
Do you use your tablet primarily as a
personal or work device?
7
Corporate Rationales
• Reducing expenses for employers
• Improving employee productivity
– Intel estimates that its BYOD employees save an average of 57
minutes per day by being able to access work materials from
personal devices based on three years of employee estimates
• Improving employee engagement
• Aiding in the recruitment of new employees
• Solving the “two pocket problem”
8
• All tallied, BYOD doesn’t look pretty from a cost perspective. A typical mobile
BYOD environment costs 33 percent more than a well-managed wireless
deployment where the company owns the devices ***.”
– Loss of bulk purchasing power
– Higher help desk/support costs
– Security issues
• The trend toward employee-owned devices isn’t saving IBM any money. (MIT
Technology Review, Monday, May 21, 2012)
Does It Really Reduce Costs?
9
Creates Significant Risks Most Companies
Are Ignoring
• Data-Related Risks
– Security of company data
– Privacy of employee data
– Records management
– Contractual obligations
– eDiscovery
– Trade Secret Protection
– Contingent Workers
• HR-Related Risks
– Performance management
– Tax
– EEO
– Wage & Hour
– Workplace Safety
– Labor
– International
• COPE
– Corporate
– Owned
– Personally
– Enabled
There is an alternative
HR and Employment Law
Issues
HR and Employment Law Issues
• Performance management
• Discrimination, hostile work
environment, accommodation
issues
• Workplace Safety
• Wage & Hour
• Expense Reimbursement
• Labor
• International
Data Security & Privacy
Issues
• Access to private information
– Computer forensics
– eDiscovery collection during litigation
• Issuing a remote wipe command
– Employees have a reasonable expectation of privacy in their
personal device
– All 50 states have computer trespass laws
– Computer Fraud & Abuse Act
Employee Privacy Rights
• Employee ownership of the account with the service provider
will limit company access to its data
• No contract with company
• Obligation to “vet” security controls of vendors
• Data may be more available to law enforcement or others
Gateway to the cloud
• Stored Communications Act
• Computer Trespass Laws
• Password Protection Laws
Accessing Employee’s Data
• “60 percent of American workers who left their employers
[in 2008] took some data with them.” (Economist)
• Misappropriation may be harder to prove
• Use or disclosure will be the focus
• Access to the devices will be a challenge
Trade Secret Protection
• Locating the data
• Access to the device
• Collection challenges
eDiscovery Challenges
Recommendations
• Careful Planning
• Policies
• Technical controls
• Operating procedures and capabilities
• Educate and train
Coordinated Approach
Decide whether all employees should be
permitted to participate in a BYOD program
or whether certain groups should be
excluded
Recommendation
Require employees to consent to all
company activities involving the personal
device
Recommendation
Modify or create Employee Agreements
Recommendation
Restrict employees from using cloud-based
apps, cloud-based backup, or synchronizing
work-related data
Recommendation
Ensure that use complies with Wage and
Hour obligations by prohibiting off-the-clock
work and ensuring pay for all hours worked
Recommendation
Training
Recommendation
Revise exit interview processes
Recommendation
Bottom Line: BYOD creates risks and challenges
for employers
• Data-Related Risks
– Security of company data
– Privacy of employee data
– Records management
– Contractual obligations
– eDiscovery
– Trade Secret Protection
– Contingent Workers
• HR-Related Risks
– Performance management
– EEO
– Wage & Hour
– Workplace Safety
– Labor
– International
Questions
Go to: www.workplaceprivacycounsel.com Search: “BYOD”
Littler BYOD White Paper
Thank You