This post is from the Apperian blog and has not been updated since the original publish date.
Current State (for now) of BYOD Laws & Liabilities
Organizations can derive multiple benefits from bring your own device (BYOD) programs and the use of enterprise mobile apps. More than two-thirds of businesses have experienced productivity gains and improved customer response times by allowing employees to use their own mobile devices at work, according to a study conducted by Dell. Extending the use of mobile technologies and enterprise mobile apps can also make organizations more agile and drive higher levels of collaboration between employees and work teams. But along with these opportunities, mobile deployments can also lead to serious legal and liability risks. Companies can face legal exposure when employees knowingly or unwittingly disregard corporate security and usage policies and expose sensitive company or customer information to cyber criminals, not to mention the costs associated with data breaches.
A Ponemon Institute study places the average total cost of a data breach at over $5.4 million for U.S. companies, with malicious or criminal attacks (37%) representing the most frequent cause of data breaches worldwide. Meanwhile, organizations are increasingly facing liability issues related to the use of mobile devices in the workplace. For instance, a recent California Court of Appeal ruling in Cochran v. Schwan’s Home Service, Inc. found, following an analysis of California Labor Code section 2802, that an employee who is required to use his personal cell phone for work must be compensated “…a reasonable percentage of their cell phone bill”. At this point, case law related to BYOD is relatively thin, making the landscape of BYOD laws and liabilities uncertain for employers.
Cases involving employee-owned devices used in the workplace may just be the tip of the iceberg in terms of the legal and liability issues facing organizations. To help protect themselves, legal experts recommend that companies explore the concept of “legally defensible” and “reasonable security” strategies for personal mobile devices that are used by employees and contractors under BYOD programs.
To reduce their legal and liability risks, organizational decision-makers should carefully examine their existing security and mobile usage policies to help identify and respond to any policy gaps that need to be addressed. Corporate counsel and other stakeholders who do the legwork can help their companies mitigate risk more effectively.