Personal electronic devices have become commonplace throughout society and have drastically impacted the speed at which consumers can transfer vast amounts of data. For instance, owners of iPads and Blackberries can download videos, participate in live chats, and respond to dozens of emails, all while waiting in line at Starbucks. Lightweight laptops, storing thousands of pages of information, can be toted (and left behind) virtually anywhere. Many of these devices, of course, are used by employers throughout various industries. The increased ease at which information can be downloaded, transferred, stored, and lost, therefore, has been accompanied by a debate as to how employers can best protect their confidential or trade secret information. With respect to employees’ use of electronic devices for business purposes, some employers adhere to a “Bring Your Own Device” (or “BYOD”) policy, while others follow a “Company-Owned, Personally Enabled” (or “COPE”) device approach. For a discussion of the differences between these two categories, see Benjamin Fink’s prior blog post.
As summarized by a recent article, Not Having a BYOD Policy Can Get Expensive, many companies have chosen to follow a BYOD approach. The article, which can be found here (subscription may be required), explains some of the unique risks an employer faces by following this approach.
While the above article focuses on the BYOD approach, the considerations identified in the article are pertinent to all companies, regardless of which policy they use: it is crucial for employers to consider the risks and implications of any policies related to the use of personal electronic devices, e-mail, and other information technology platforms. Accordingly, employers should stay abreast of recent changes to the law which can affect the reach and strength of cybersecurity measures and ensure that they have written policies (which they follow) that adequately protect against the myriad of risks associated with employees’ increased use of technology and the corresponding increased ease at which they can access business information.