News & Insights

BYOD (short for Bring Your Own Device) policies are all the rage these days. This is understandable given the ostensible BYOD benefits bounced around as conventional wisdom including, but not limited to: (1) organizational cost savings [BYOD proponents claim it’s cheaper for companies if employees purchase their own smart phones]; (2) fostering an environment of increased productivity and collaboration [BYOD proponents claim an employee is more inclined to be productive when using a device with which he or she is already familiar]; and (3) eliminating the so-called “two pocket problem” [BYOD proponents claim the inefficiencies caused by mandating exclusive use of a “corporate” phone/device for business and exclusive use of a “personal” phone/device for pleasure justifies BYOD]. Yet, notwithstanding the undeniable popularity of BYOD policies, the inherent risks involved are equally undeniable including, but not limited to:

• Information security risks [how does the company protect confidential, proprietary and trade-secret information stored on a personal device; query whether the company is comfortable with a non-corporate repair technician fixing the device if technical difficulties arise as they typically do]
• Undetected and unrecorded “off-the-clock” work that could give rise to unpaid overtime claims for non-exempt personnel [e.g., if the dual-use phone/device rings or pings in the middle of the night, query whether an employee is inclined to respond to a work-related message creating compensable time]
• Reimbursement concerns [federal law prohibits employers from requiring employees to pay for business-related expenses if doing so would reduce wages below minimum wage; some state laws also have reimbursement requirements that may be implicated by BYOD]
• Privacy of employee personal data [including risks associated with “wiping” a personal device upon separation of employment]
• Burden [and associated cost] on IT department of having to configure a seemingly infinite number of devices and platforms

In light of the considerable risks associated with BYOD policies, including the few mentioned above, some employers are strongly considering an emerging alternative – so-called “COPE” policies (short for Corporate Owned Personally Enabled). COPE policies implement a different IT strategy, through which employers maintain ownership of phones/devices but also relax anachronistic standards concerning personal use of such phones/devices. The key to COPE is corporate ownership which affords the company a much greater level of control and oversight over use and disclosure of confidential, proprietary and trade-secret information [and reduces the likelihood of post-employment separation issues, such as loss of confidential information or solicitation of company customers when a former sales employee owns the device and thus, owns his or her contact telephone number]. COPE policies make it easier for IT to implement Mobile Device Management options built into devices which allow employers to remotely control and configure the devices. COPE policies can also be tailored to address other concerns, including those mentioned above.

BYOD policies are appropriate for some, but not all, workplaces. The good news – employers struggling to accept the risks that come with BYOD have a new, viable coping mechanism.