There is a constant striving to keep pace with technological progress. This effort, together with the desire of every employer to satisfy employees, results in many bosses acceding to workers' requests to use technological equipment at work that they have brought from home. These include new smartphones, tablets or the latest laptop.
On the face of it, it sounds like a win-win situation. The employee will be satisfied and work with the newest appliances, and therefore probably more efficiently, and the employer will be perceived as innovative and advanced and won't need to bear the costs of purchasing the equipment. But as can be expected, matters are somewhat more complicated. Abroad, this phenomenon already has a name - BYOD (Bring Your Own Device). This definition relates to situations where employers allow their employees to use privately-owned mobile equipment from home (cellular telephones, tablets, laptops) as part of their work, instead of those that the employer has purchased for them.
But employers would do well to stop for a moment before responding to the employee's request. Use by employees of their private equipment raises many issues in the area of labor law, protection of privacy, and information security. Here are some of the things that it is worth employers paying some thought to before permitting employees to work with their privately owned devices. 1. Communications and Support: Do you intend restricting the type of devices that employees will be allowed to use? On the one hand, why not let everybody choose equipment they are used to and prefer? And on the other hand, are the company's information technology experts really prepared to support every type of device and product, without any restrictions? You must remember that devices must all know how to communicate with each other, and more importantly know how to communicate with the company's existing information systems. The intention is not to cause the employer additional costs by needing to adapt the existing technology to various types of devices.
2. Information Security: When the employee uses the employer's devices, the employer controls them through security means installed on the device (such as anti-virus, restrictions on downloading and various types of installed features, password requirements). But when it is the privately-owned device of the employee, then the employer has no control on what is installed on it, and the type of use the employees makes with it. It is worthwhile considering means that will ensure the protection of the employer's information, so that for example use is restricted on the employee's device for work via remote connection and not by downloading information directly to the device, or by requiring the employee to define entry passwords to the device.
3. Various uses: when talking about the employer's device, the assumption is that the employee also makes reasonable private use of the device, and it is possible to ask of him to distinguish between private use and use for work needs (for example by creating separate folders). But when talking about the employee's device, it is taken for granted that he can also make private use of it. Private use can be the main use of the device while use for work needs is secondary. Even in a situation like this, it is possible to ask the employee to make a clear separation between use for work needs and use for private needs in order to allow for distinguishing between information and files but the ability to check on this is limited.
4. Privacy: The devices, the technologies and their use always raises issues about the worker's right to privacy of information being transferred and stored in them. Many employers encounter the need to enter an employee's mail box and search for correspondence or files, or the need to locate a file that has been saved in the device being used by the employee, and similar situations. The issue of supervision and use of the information stored takes on a new significance when talking about the employee's device.
When Delek Israel asked its senior employees to install software on their cellular telephones that would allow the company to track where they were and their conversations the matter whipped up a storm. When talking about the company's devices, it can require installation of such software, and employees do not always have anything to say on the matter. But if we are talking about the employee's privately-owned device, it can be almost taken for granted that no employee will agree to install such software on his private telephone, and his employer cannot require him to do so.
5. Ownership and Control: The ownership of the device also allows control also allows control (at least apparently) of the information stored in it. During work, for example, it is allowed to define backing up or synchronizing information stored in the mobile device with the devices and servers of the employer. With a device owned by the employee the matter is more complicated when the employee leaves, he is required to return the mobile device that he used to the employer wth the information in it.
When the employee uses his own private device, he takes it with him when he stops working for the company together with the information stored on it. Many employees cannot conceive of letting an employee that leaves take home files prepared during work (code files? customer details? price bids?) even before taking into account that they may not be able to function without this information.
So what can be done despite this? It is possible to prohibit the use of private devices at the workplace, but in many instances this does not stand the test of reality. Therefore, it is important not to ignore this and prepare accordingly.
It is important to formulate the setting of clear procedures of what is permitted and prohibited at the company, and define the conditions in which employees are allowed to use their own private devices. It is important to define the security means that will be applicable to these employees and it is important to ensure that the organization's systems are adapted to support this. When talking about the private devices of employees and not the organization's devices, there is even greater importance to the employees giving explicit agreement to a certain infringement on their privacy. And it should be remembered that this consent must be explicit while defining ahead of time exactly what the employer will be exposed to, what means the employee will use and what he will do with the information that he will obtain.
To summarize the matter, the employer is required to define the rules ahead of time, and receive the employee's explicit agreement to the rules that have been set. Employees must understand that even though they are talking about their private devices, the moment they use them as a work tool, they take upon themselves the rules defined by the employee.
The author is a Partner at Yigal Arnon & Co. Law Firm.