ACAS have recently published limited guidance on employers allowing their employees to use and access company data on their personal devices. Such policies are often termed 'bring your own device' policies or BYOD.
With the increased use of smartphones and tablet computers many employers now need to consider whether they should have a policy in place to allow the use of personal devices in the workplace. However, as ACAS point out, the issue is not without its difficulties.
One clear positive for employers is that allowing employees to use their own personal devices can save the business from having to purchase any such devices. In addition, allowing employees to use devices that they are familiar with may lead to an increase in efficiency. It is also thought that employers who are flexible on device use are often viewed more positively by their workforce, which can result in higher levels of staff morale.
However, employers must also consider the risks of a BYOD policy. The most obvious risk is the potential threat to the security of confidential information about the business, its customers and its employees. BYOD policies also present data protection issues, given that employees will carry devices that contain potentially sensitive information. A poorly managed BYOD system could mean that this information is inadequately protected, allowing for the release of information which could be both sensitive and confidential in the event that the device be misplaced or stolen. Furthermore, allowing employees to use their personal device could mean that it is easier for employees to use business information improperly. This risk may be particularly acute if the employee has left the company but still has data on their device.
The question of virus protection and the potential for increased vulnerability from hackers must also be considered. Employees will be using these devices for their personal use and so there is a greater risk of an employee accessing a webpage (unintentionally or otherwise) that could leave the device open to attack.
Finally issues of productivity should be considered. Is an employer comfortable with an employee using a personal device at work with the increased risk of distraction that may entail?
ACAS advises that employers should ensure that there is a clear distinction in any BYOD policy between office use and personal use. Devices should always be password protected and a system could be put in place for remote deletion of data, should the device go missing. Employees should also be aware of their duties and obligations in respect of personal devices. Employers should therefore have a clear statement of policy in place and this can be reinforced by, for instance, staff training sessions.
For more general information on the implications of the advent of the smartphone and social media in the workplace, visit ACAS's website and read their guidance.