BYOD: Time to Adjust Your Privacy Expectations
Employees who want to use their smartphones and tablets for work better be prepared to sign on IT's dotted line and essentially give away their privacy rights.
Wed, May 30, 2012
CIO — Some employees thought they were pretty sneaky downloading confidential data from corporate computers to thumb drives days before they turned in their resignations and bolted to a competitor.
More often than not, they didn't get away with it. Armed with forensic computer analysis—namely, the USB port registry—managers confronted these employees during the exit interview.
What gives managers the right to pursue legal action or at least ask for those incriminating thumb drives back? The answer: a smorgasbord of protective polices with employees' signatures on them, including the confidentiality non-disclosure policy, the ethics policy, the conflict of interest policy, the authorized use of computers policy.
"The BYOD fact pattern isn't that dramatically different, and policies can be written to provide that type of protection for the employer," says Brent Cossrow, partner at Fisher and Phillips, a law firm specializing in labor and employment law.
He adds: "Given the business interest that could be in jeopardy, there are employers who would take a look at how their computers were used in a certain time period. If a BYOD policy was written in a certain way, it could provide support for that examination."
Slideshow: 10 Coolest Tech Devices to Bring to Work
Cossrow's practice area is employee defection and trade secrets, and so he helps companies navigate the murky legal waters that BYOD, or bring-your-own-device, stirs up. An employee-owned BYOD smartphone or tablet blurs the line between personal and work use. Compared to the thumb drive, a BYOD can easily store trade secrets either locally on the device or via a cloud storage service.
At the center of the legal debate is an employee's expectation of privacy. Cossrow says the smartest companies will craft a detailed, customized BYOD policy that works in harmony with existing protection policies. In more restrictive regimes, employees would have to sign away their expectation of privacy with a BYOD smartphone or tablet that's being used in conjunction with corporate computers.
Without an expectation of privacy, employees should assume they have no privacy on their personally owned BYODs.
For employees, it may get even worse. "I think we're going to see case law evolve over time with companies wanting to do more ambitious and extensive searches of personal data on those devices," Cossrow says.
A Legal Precedent?
On the upside, BYOD employees have at least one legal precedent in their workplace privacy corner, Stengart v. Loving Care Agency.
In December 2007, Marina Stengart resigned from Loving Care Agency in New Jersey and sued for gender discrimination. Just before resigning, Stengart communicated with her attorney via a personal, password-protected Yahoo email account on a company computer.