Protect your Company Information from Personal Devices
In today’s world, there are a myriad of personal electronic devices to choose from for phone calls, emails, texts and other forms of communication. As individuals, we have personal preferences and want the widest possible selection when selecting a device. However, as employers, we need to be mindful of how this issue can impact our ability to protect our confidential information and trade secrets. Whether the employer or employee owns the device will have critical implications when an employee leaves the company to join another – particularly if the other is a competitor.
Companies generally fall into two categories with respect to electronic devices used for business purposes. The first is BYOD, or “Bring Your Own Device.” The second is COPE, “Company-Owned, Personally Enabled” devices.
The BYOD scenario provides employees with the widest latitude to satisfy their personal preferences; however, it also requires the company’s IT department to support a wide variety of personal devices. Perhaps more importantly, in the BYOD scenario, employers are putting their confidential information or trade secrets at risk if they don’t implement clear policies for how information may be used and stored on the employee’s devices or implement measures to secure the information when the employee departs. At a minimum, the company must tailor its technology use policies to ensure that employees are put on notice that any information residing on their personal devices at the end of their employment is required to be returned and deleted from the device. Employers may also want to consider requiring employees to create a secure area for work data and activity on the employee’s personal device. This will allow the employer to easily secure that data and information when the employee departs the company.
In the COPE scenario, it is much easier for the employer to maintain control over information stored or accessed from the device. However, given the myriad of choices available, employees may not like the COPE approach, unless the employer offers a fairly wide variety of devices. Employees also may not like this approach because they often want to use their devices for personal activities, in addition to conducting business (e.g., text messaging, Facebook, Twitter, etc.). Given these competing interests, companies that use the COPE approach may wish to develop a policy which allows employees to install apps, music, video and other items on the device. However, the employer must consider how it will handle the employee’s personal data, apps and other items on the device when the employee leaves the company. Employers must also consider how the company’s technology use policies will apply to personal use of the device.
The various issues that an employer must address with respect to personal technology devices are plentiful. For this reason, it is important for employers to address these issues and develop policies that will best position them to protect data and other confidential types of information when an employee departs. Failing to do so could result in the loss of the ability to protect the information from being disclosed to or used by a competitor when an employee departs.