In the smartphone era, it is commonplace for employees to use their personal mobile devices for work purposes. This often is unavoidable, and often beneficial, to the employer. But when an employee uses a personal cell phone, laptop or tablet to do company work, it can put the employer at risk.

Womble Carlyle attorney and noted data privacy author Ted Claypoole and Best Buy Senior Corporate Counsel Kerry Childe recently discussed this topic with members of the Association of Corporate Counsel’s Compliance & Ethics Committee.

Virtually every business has (or needs to have) a BYOD policy. The risks associated with employee personal device use range from sensitive data loss to litigation discovery issues.

Click here to view the video.

Claypoole: “BYOD has been around for a while, but it’s an issue for most companies that grew up historically rather than logically. People had their own devices and wanted to use them.”

Childe: “People tend to do things on phones that they don’t really think about as business issue. So you may end up with harassment or discrimination concerns. You also absolutely can end up with some wage and hour questions.”

Claypoole and Childe said that cloud storage further complicates the issue of data security for companies.

But Claypoole said there are genuine benefits to letting employees use their own devices. He notes that it generally makes employees happier, and gives them greater flexibility. Also, the company doesn’t have to buy expensive hardware.

Claypoole: “One of the real interesting areas of BYOD is that the firmer you get with telling your employees how they have to submit to your control, the more likely it is that employees are going to completely ignore you.”

So for most companies, BYOD is a business reality that needs to be managed. A company can require certain security software on employee devices, and proper policies and procedures are a must. For example, Childe said Best Buy requires all smart phones to have a PIN-protected lock screen for security purposes.

Childe: “How am I going to make sure that my employees aren’t completely innocently, totally mistakenly, accidentally doing something that’s going to impair the security of my company?”