employment law

Bring Your Own Devices: Is your business protected?

Technology has made our working lives easier.

Thanks to laptops, tablets and smart phones we can connect with colleagues, clients and customers any time, anywhere.

But technology poses a risk for businesses.

From cyber attacks to data protection issues, companies need procedures and policies in place to protect them.

Employees’ personal electronics

This is not only true for the gadgets businesses provide their employees, but also the personal electronic tools employees use themselves.

There is a growing trend for people to use their own devices for work purposes.

As a business, do you allow the practice known as Bring Your Own Device (BYOD)? Do you know to what extent your team are using their electronic tools? Do you have adequate policies and procedures in place?

What are the risks associated with BYOD?

If employees use their own devices for work purposes, personal data that the organisation is responsible for could be compromised.

Businesses have to comply to the Data Protection Act 1998 and if they are found to be in breach of this, not only could they face fines of up to £500,000 but also significant damage to reputation if the breaches are publicised.

A recent case highlights the issue

The Information Commissioner’s Office (ICO) issued a warning to the Royal Veterinary College after an employee lost a camera which contained pictures of a number of job applicants’ passports.

The camera belonged to the member of staff. But they had used it for work purposes and by misplacing the device, risked being in breach of data protection laws.

What should a BYOD policy cover?

While it is important for BYOD policies to cover security and data protection, there are a number of other factors to be considered:

Who does it apply to? Should the policy only apply to employees, or extended to temporary workers and contractors? If the policy isn’t extended to certain people, the business may need to prevent them from using their own devices. In such cases, the company will need to make sure it is able to provide the correct tools and equipment for people to carry out their job.

What other guidelines do you have? Businesses need to make sure their BYOD policy is consistent with any other policies such as IT and data protection.

Which parts need particular attention? If the BYOD policy isn’t part of the employee’s employment contracts, then it makes it easier for businesses to update them as and when is necessary. However, there may be some clauses of the policy that should be included in employment contracts, such as insisting that any work related data and documents stored on an employee’s own device must be terminated when they leave their job.

Who is going to pay? If employees incur costs for using their own devices, they may expect these to be reimbursed by the business. The BYOD policy should outline what costs and charges are covered and how employees go out about claiming these back.

Is there any support? Businesses need to clarify who is responsible for making sure the devices are up to date and safe to use. This could be the responsibility of the employee or the company’s IT team.

A team effort

BYOD policies need to be easily understood and communicated to all relevant employees.

It’s vital that all members of staff are on board with the policy and understand the possible risks and consequences of not complying with it.

As technology evolves so quickly, businesses will probably need to have processes in place to make sure any policies are updated regularly.

The ICO offers guidance to businesses about BYOD policies.

Let us help

If you need further legal advice and support please contact our employment lawyers via Daniel Zakis on 0121 705 7571 or email danielzakis@wallacerobinson.co.uk

Further reading:



This article is for general information purposes only. It does not constitute technical, financial, legal advice or any other type of professional advice and is no substitute for specific advice based on your individual circumstances. We do not accept responsibility or liability for any actions taken based on the information in this article. For more information, please click here.