When Saman Rajaee resigned from his sales position at Design Tech Homes in Texas, he wasn’t prepared for the next move the company made. He used his personal iPhone to conduct business on behalf of the company, and as part of the standard separation process, the company’s IT department remotely wiped his phone and restored it to factory settings. He lost all of his contacts, data stored, and also irreplaceable family photos. He then sued the company under Texas privacy laws. The courts ultimately ruled in the employer’s favor, but the story creates a cautionary tale for employers
Complicating the typical privacy and security concerns created by technology in the workplace is the “Bring Your Own Device” (BYOD) trend emerging in many companies. BYOD programs allow employees to use their own personal mobile devices such as smartphones, tablets, or laptops in the workplace. While companies often reimburse employees for expenses related to BYOD programs, the company ultimately saves money by not purchasing the technology. The practice is also appealing to those employees who prefer to use their own devices. Given that the boundaries between work and personal lives are becoming increasingly blurred, many employees want to have access to both on one piece of technology.
From a privacy perspective, some employees fear BYOD programs give the company too much access to their own personal business. A BYOD program typically has guidelines that state that the employer has the right to access the device. When you consider control and security issues, employers should want to access any device that contains work-related information and data. Management must be extra cautious to assure that the technology is secure and does not make company secrets vulnerable. Also if employees are using their device to log in to company systems, the log-in information is typically stored on the device, putting the company at risk if it is lost or stolen.
Many companies have established BYOD policies or asked employees to sign agreements that make the security concerns clear and provide the company permission to access the device. Policies or agreements help establish privacy expectations as well. When it comes to wiping phones, it is best for companies to take more of a “surgical” approach and remove only work-related information from an employee’s phone. A more cautious approach can help keep company information secure, while reducing the risk of employees losing precious pictures of Grandma.
DISCUSSION QUESTIONS
a. Would you want to use your personal device for work purposes?
b. Can you think of any other privacy or security concerns for companies that have a BYOD program?
c. Given the privacy and security concerns, are BYOD programs really a good idea for companies?
d. Are there any productivity concerns with allowing employees to use their personal devices at work?