Insight Center: Publications

Charleston Law Review - Going Mobile: The Risks and Rewards of a BYOD Program

Authors: Hope A. Comisky and Tracey E. Diamond


A version of this article was originally published in the July 2014 issue of The HR Specialist. It is reprinted here with permission.

Employees are increasingly using their personal electronic devices, such as laptops, smartphones, and tablets, for work purposes. The trend, dubbed “Bring Your Own Device” or “BYOD,” has redefined what it means to “be at work.”

Shifting the cost of electronic devices to employees reduces costs while maintaining employee satisfaction. Nevertheless, employers jumping on the BYOD bandwagon face several challenges.

Employment Issues

Employees’ use of their own personal devices for both work and pleasure often leads to informal and sometimes inappropriate communications between coworkers. Smartphone technology facilitates this type of employee behavior by allowing communications via voice messages, text messages, instant messages, e-mails, social media postings, pictures and videos. Indeed, according to a recent study, one in five Americans has used his or her smartphone to send a sexually explicit text message.

Federal and state laws require that non-exempt employees be paid overtime for work in excess of forty hours in a workweek. Because most individuals carry their personal devices with them all the time, when employers send e-mail and text messages to employees outside regular business hours, it is likely that employees will see and respond to them. Therefore, in addition to concerns about inappropriate behavior, employers face potential overtime liability when non-exempt workers respond to these work messages outside of their normal shift time.

Employers also need to guard against liability for employees’ use of personal devices in an unsafe manner. In a 2010 survey, 54 percent of workers admitted that they used their personal mobile device while driving a vehicle.

When employees are involved in automobile accidents while using their personal devices to communicate for work purposes, employers may be found vicariously liable. A recent New Jersey Appellate Division case, Kubert v. Best, has taken the analysis even further, finding that the person sending a text message (i.e., an employer) may be liable if the person who receives it (i.e., an employee) has an accident, when the sender knew or had reason to believe that the recipient would view the text while driving.

Trade Secret Issues and e-Discovery Obligations

Employers who permit employees to use their personal devices for work purposes risk the disclosure – inadvertent or not – of trade secrets and other confidential information during the course of employment, and more critically, after they leave. Employers also have difficulty meeting their e-discovery obligations when employees leave employment, taking their personal devices containing corporate data with them.

Employee Privacy Concerns

Although employers have a legitimate interest in monitoring employees’ personal devices when used for work purposes, employers face challenges in monitoring these devices because both federal and state laws limit employers’ ability to access and monitor employee devices and social media accounts.

The Computer Fraud and Abuse Act, for example, makes it a criminal offense to gain unauthorized access to an individual’s computer and permits the recovery of a damage award when the damage from unauthorized access exceeds $5,000. In addition, the Stored Communications Act provides for civil and criminal liability to whomever “intentionally accesses without authorization a facility through which an electronic communication service is provided ... and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage.” Many states also have enacted statutes specifically requiring employers to give notice that they are engaged in monitoring, and some laws prohibit employers from monitoring employees’ activities on portable electronic devices.

Fortunately, employee consent to monitoring is a defense in most of these cases. These risks underscore the importance of a well-drafted BYOD policy.

BYOD Policies and Procedures

It is imperative that employers have appropriate policies in place to reduce the risk of liability. Before drafting a BYOD policy, employers must consider numerous issues, including which categories of employees will be permitted to participate in the program, what types of devices are permitted, whether the company will provide IT support, and whether the employees will be required to download mobile device management software.

Employers should modify their existing handbook policies—such as the policies on harassment, off-the-clock work, codes of conduct, and electronic communications—to incorporate employee use of personal devices for work purposes. Employers also should consider the effect of BYOD on existing employment agreements.

Employers will need to train managers and employees on their rights and obligations under the BYOD program. Employers may have to purchase technology to monitor and separate business information from the employees’ personal information, and train IT personnel on their role in supporting personal devices, maintaining security, and complying with applicable laws. Employers also should be prepared to respond to employee dissatisfaction as they seek to restrict employees’ use of devices that the employees pay for with their own funds. Most importantly, employers must specifically state that their employees’ ability to use their own devices for work purposes is a privilege, not a right, and that access may be terminated if the employees fail to comply with the company’s policies and procedures.

Hope A. Comisky and Tracey E. Diamond

The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship.

Data protection laws have changed, so we have revised our Privacy Policy.