WHAT IS A “BOYD” POLICY? WHAT DOES IT DO AND DO I NEED ONE?
Often employers allow employees to access their company email accounts or client contact information on the employee’s own personal mobile device. Without a proper BOYD policy, this information can walk out the door with the employee when they leave the company.
Due to the growing reliance on smart devices and other digital devices to manage almost every aspect of our everyday life, the demand for BOYD policies will increase.
A properly crafted and implemented BOYD policy can result in higher employee morale, increased efficiency and higher workplace satisfaction. However, a BOYD policy can cause serious issues for an employer if the proper steps are not taken to protect confidential information when developing and implementing the policy. In certain situations there are regulatory or compliance obligations that require special controls and protections for data. (i.e.: those set by HIPAA or the Securities & Exchange Commission).
The goal of a BOYD plan is to strike a balance between the desire to allow an employee full rein over the employee’s own device and the employer’s need to impose controls to protect company data.
Things to consider when implementing a BOYD Policy
- Scope: Determine what device or devices you will support (the type of device, the brand of device and/or the service providers). It is important to consider the security features of those devices and the availability of tools for remote management.
- Acceptable Use: Set clear expectations. Clearly explain in writing what is and is not acceptable use on the employee-owned device that will be holding company data. Discussions about an acceptable-use policy are required to protect company data and shield the company from liability.
- Monitoring of the Device: Clearly identify and explain what information on the employee-owned device might be monitored and/or accessed. Ensure that your company is able to demonstrate that its employees have given fully informed and unambiguous consent to the company to reach data on their personal devices.
- Device/Data Loss Policy: Discuss both technical and organizational safeguards dealing with data loss. The policy should outline what happens if the device is lost or is compromised in any way, and the related obligations of the employee.
- Ownership and Cost Issues: Many BYOD policies include a financial incentive to the employee for their agreement to agree to and abide by a BYOD policy. The BYOD policy should clearly set out how the business and personal uses of the device will be differentiated and paid for. Additionally, the policy should state that the company is not liable for whatever the employee does with the device, even if the company subsidizes the purchase or use of the employee-owned device.
- Employee Termination/ Departure: Define how devices will be handled and what will happen when employees with devices on your BYOD platform leave the company.
If properly implemented, BYOD policies can allow employees the flexibility of using their own devices to access company resources while ensuring that employers maintain control over confidential company data.
Should you have any questions about Bring Your Own Devices Policies, or any other law that may affect business, please contact Waltz, Palmer & Dawson, LLC at (847)253-8800.
Waltz, Palmer & Dawson, LLC is a full-service law firm with various areas of service to assist your business, including: Employment Law, Intellectual Property, Commercial Real Estate, Litigation and general Business Law services. Individual services include Estate Planning, Wills and Trusts, Probate, Guardianship, Divorce and Family Law.
This article constitutes attorney advertising. The material is for informational purposes only and does not constitute legal advice.