Mobile devices have improved the flexibility of the workforce, but also have introduced serious concerns for employers.
“The wall between work and personal time is gone, which creates costly liabilities for employers. If your company is sued, it is a lot easier to defend that action when you can demonstrate you thought about the risks and tried to mitigate them,” says Kailee M. Goold, an associate at Kegler, Brown, Hill & Ritter.
Smart Business spoke to Goold about the risks of working on mobile devices and ways to limit the potential liability for employers.
What are the risks associated with mobile devices and data security?
There are two potential areas of liability: data security and employee behavior. Unfortunately, there is no one-size-fits-all policy or agreement that will provide a solution. Because you cannot eliminate all liability, you have to develop a policy that fits your regulatory environment, risk tolerance and trust assessment.
Identifying important data is a critical concern. Protected health information and financial information are the most regulated data, and the law requires companies handling this data to protect against security breaches. On the other hand, some data can be essential to your business but not regulated by law. For example, your company’s success may hinge on your trade secrets or customer information.
Regardless of the data you work with, you need to consider questions like: Do independent contractors have access to your system? What happens when a cloud-connected device is lost? Does the loss of data make your company liable to third parties?
What should companies know about mobile devices and employee behavior?
As far as behavioral issues, three costly liabilities are worth highlighting. First, consider if you are in compliance with wage and hour laws. Are employees working from mobile devices outside of work hours? Does this off-the-clock work push the employees over 40 hours a week? What seems like a small problem can quickly escalate into a wall-to-wall audit by the Department of Labor and a million-dollar lawsuit.
The second serious behavioral risk is distracted driving. If an employee is using a mobile device for work purposes and causes an accident, the company will be on the hook for all of the resulting damage. This is no small matter: verdicts and settlements have been running in the $15 million to $25 million range. Carefully drafted policies can only help your defense.
Third, you should think about the harm a terminated employee can inflict. For example, when an employee separates from your company, can they take your sensitive data and work for a competitor? If you do not have adequate safeguards in place, you will likely have to sue the former employee, as well as the new employer, to stop the bleeding. This loss of data may also make you liable to third parties if they had rights in the data.
As with most employee behavior issues, proper policies and monitoring can avoid headaches and expensive litigation.
Does it matter if the device is employee-owned or supplied by the employer?
The bottom line is that the use of mobile devices at work is a risk no matter if the company owns the device or you employ a bring your own device (BYOD) policy. So you have to figure the best way for your company to manage these risks.
The advantage of a company-issued device is control. You own the software and data being transmitted, like a computer or phone at a desk. Company-issued devices mean employees have fewer privacy rights and it is easier to wipe data. The drawback is monitoring. You have to consider everything: Are they buying expensive apps? Are they using the phone for unlawful purposes while working? Can you enforce these policies in a nondiscriminatory manner?
If you choose the BYOD route, handbooks and agreements must reduce employees’ expectation of privacy in their device. You will need access to and knowledge of what they are doing with work-related data. However, your access should only be for legitimate purposes, such as the installation of security software and wiping sensitive information.
Kailee M. Goold is an associate at Kegler, Brown, Hill & Ritter. Reach her at (614) 462-5479 or [email protected].
Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter