Privacy Rights Clearinghouse
"Bring your own device," or BYOD, is a popular practice with both employers and employees. Employees like the convenience. They don't want to worry about carrying multiple phones or tablets. They like using devices they are comfortable with. And, they can work from anywhere. Employers like having connected employees, and some believe that BYOD policies save the company money.
The tradeoff for employers is that they lose some control over company data and can face greater legal, business and security risks. Unfortunately, this may mean employees compromise privacy and control over their own phones and data when they agree to participate in a BYOD program.
Tips for Employees
1. Read and/or understand the employer's policy before you participate. BYOD policies will vary depending on who you work for, what kind of data you have access to, what industry you are in, and what your role is. They may involve formal contracts or informal agreements. As is often the case, the most important thing to do is understand what you are signing up for! A BYOD policy can create a win-win situation or a messy dispute.
If the policy is written, read it thoroughly. If you don't understand it, ask your manager or human resources department to explain what it means.
2. Ask questions.
- Can your employer remotely access your device? If so, under what circumstances, and what will the employer be able to see? This could include GPS and location information, browsing history, photos, video, chat and messaging histories, social media, apps, etc.
- Can the employer remotely wipe all data from your device? If so, under what circumstances?
- What are your responsibilities if you lose your device or it is stolen?
- Are you restricted from allowing others to use your device?
- What security precautions are you required to take?
- How do you account for time that you work remotely?
- Who is responsible for the cost of the device and data plan, service, repair, insurance, etc.?
- Are you required to have certain software on the device? Are you prohibited from having certain software on the device?
- What are you required to do if you leave the position?
3. If you don't feel comfortable, consider your options. If your employer offers a company-owned device, you may decide to forgo the convenience of doing everything on your own devices. If your employer does not offer a company-owned device, you could use two personal devices: one for work and one for personal matters. However, that option can be cost-prohibitive if your employer does not cover the cost of the plan.
4. Understand your device's privacy and security settings, know what you store on your device, and be aware of the apps you use. This is good practice even if you don't participate in a BYOD program. Password protect your device, turn off Bluetooth capabilities when you aren't using Bluetooth for something specific, do not allow your device to automatically connect to Wi-Fi networks (unless it is a trusted and secure network), turn off your location services capabilities when you aren't using them, and only download apps that you trust.
5. Back up personal data you store on your devices such as photos, videos, music, etc. It is always a good idea to back up important data. It is an especially good idea if your employer has the ability to remotely wipe your device.
For a more in-depth guide on BYOD policies, see PRC's Fact Sheet 40: Bring Your Own Device. . .at Your Own Risk .