After the pandemic many employees have found themselves still working from home, and with this, using their personal devices to access work information. While the personal use of devices for work was not started with the pandemic, it has highlighted the increased importance of technology and value of good business policies in place surrounding said technology.
By now, many companies have established firm bring-your-own-device (BYOD) policies. Other businesses, however, have taken a more informal approach, allowing their policies to evolve with minimal documentation. Whichever camp your company falls into, it’s a good idea to regularly review and, if necessary, formalize your BYOD policy.
Key questions
A comprehensive BYOD policy needs to anticipate a multitude of situations. What if a voluntary or involuntary termination occurs? What if a device is lost, shared or recycled? What if it’s infected by a virus or malware? How about if a device is synced on an employee’s home cloud? Other key questions to address include:
Who pays the bill? Payment policies vary widely. For example, an employer might pay for an unlimited data plan for employees. Any charges above that amount are the employee’s responsibility.
Who owns an employee’s cell phone number? This is a big deal for salespeople and service representatives — especially if they leave to work for a competitor. Customers may continue to call a rep’s cell phone, leading to lost sales for your business.
Are employees properly password-protecting their devices? A policy should require employees to not only use passwords, but also implement two-factor authentication if feasible. In addition, users need to set up their devices to lock if left idle for more than a few minutes.
Legal ramifications
A BYOD policy needs to address the fact that using a personal device for work inevitably opens the door for an employer to access personal information, such as text messages and photos. State that the company will never intentionally view protected items on a device, such as privileged communications with attorneys, protected health information or complaints against the employer that are permitted under the National Labor Relations Act.
In case your business becomes involved in a lawsuit, its data retention policies should address how data is stored on mobile devices and gathered during litigation. Keep in mind that Rule 34 of the Federal Rules of Civil Procedure covers all devices, including personal ones that access a company’s network.
Financial impact
Formalizing your BYOD policy should involve spelling it out in a written user’s agreement that all participants must sign. Consult a qualified attorney in drafting such an agreement.
For questions on allowing employees to use personal devices vs. buying technology assets and providing them to your workforce, please contact your Rudler, PSC advisor at 859-331-1717.
RUDLER, PSC CPAs and Business Advisors
This week's Rudler Review is presented by Becca Thorman, CPA and John Wood, CPA, CVA.
If you would like to discuss your particular situation, contact Becca or John at 859-331-1717.
As part of Rudler, PSC's commitment to true proactive client partnerships, we have encouraged our professionals to specialize in their areas of interest, providing clients with specialized knowledge and strategic relationships. Be sure to receive future Rudler Reviews for advice from our experts, sign up today !