Olympics to highlight employer responsibilities on personal devices

While Usain Bolt will be battling to retain his sprinting crown this summer, employers will be facing a different kind of battle altogether, according to Ann Bevitt, partner at Morrison & Foerster.

As staff in London seek to avoid Olympics-induced overcrowding, many will be swapping their offices for their own homes and, in some cases, their own technology. For employers wanting to avoid falling at the first hurdle, it is vital that they address the issues raised by employees using their own technology for work purposes.

The use of personal devices for work – or “bring your own device” (BYOD) – is already a growing trend. Analysts at TechMarket View recently reported that, in the UK alone, the BYOD market will be worth £2 billion to UK software and IT services suppliers over the next five years, with the number of employees adopting BYOD rising to 9.5 million by 2016 from a figure of five million in 2011.

Working from home during the Olympics is expected to intensify this trend.

BYOD is a complex issue for IT departments in terms of how they manage and support end-users. Organisations also need to grapple with the potential legal and regulatory issues raised by employees’ use of their own equipment. Unhelpfully for organisations in regulated industries, regulatory bodies have been slow to react and provide guidance on how BYOD applies.

What are the issues facing organisations?

Data security and the risk of data leakage have always been key concerns for employers, and BYOD highlights them, as there can be huge reputational issues if a company is shown to be poor at safeguarding personal data. The question of data protection and privacy compliance is not just an issue in terms of protecting customer data – the protection of employee data is also a key issue for employees. The storage of sensitive corporate data in a location that is not supported by the organisation, such as many of the cloud-based tools available, is a particular concern for employers.

It is probably not practical these days to take the position that sensitive corporate data cannot be stored on personal devices. Even if an organisation takes this approach, how likely is it that an employee will actually comply?

In addition to data security, the general data protection and privacy implications of a BYOD policy must be considered.

There is also the question of data ownership. On a device provided by the employer, the answer is pretty straightforward. But when an employee uses a personal device for business purposes, it becomes less clear.

As devices become more “intelligent”, employers also need to consider the use of apps, cameras and social media. To what extent can these be used freely on devices with access to sensitive corporate data?

The issues don’t end there. Employers must also ensure that licensing is up to date and that it complies with regulatory requirements. Many of the issues arising from BYOD policies involve compliance with employment law. For example, companies need to be able to access an employee’s data should they be under investigation. There is even the consideration of what is covered by insurance – an issue that is important but sometimes overlooked.

Not just the IT department’s responsibility

Employers will need to decide whether the BYOD programme should be optional or mandatory, and to which employees the scheme should be open, without giving rise to discrimination claims. Some countries do not allow corporate data to be stored on a personal device, so a global BYOD programme may not be appropriate. These decisions will require input from many parts of the business, not just IT.

Most of the typical corporate policies that exist in the workplace today were developed in a world before BYOD. But now employers need to catch up with the technological advances and will need to adjust or renew specific policies so that they are fit for purpose. Designing suitable policies which adequately address the use of non-company equipment is key. These policies will need to be reviewed regularly and kept up to date.

However, having policies is not enough: employers must inform and educate employees on the implications of using personal devices for work purposes. It is important to get this right as arguably the best defence against data security breaches is well-informed and well-trained employees.

Organisations cannot resist the consumerisation of IT. It is not a passing trend and the impact of the Olympics is likely to bring this home to many employers sooner than might otherwise have been the case. Indeed, this event could prove to be a “watershed moment” in the use of personal devices for work purposes. If BYOD policies are a success this summer, a widespread roll out among businesses could follow.

The key for employers is to take a pragmatic approach and try to accommodate employees’ desire for increased flexibility, while limiting the potential risks created.

Ann Bevitt, partner at Morrison & Foerster

For more information relating to this topic, see XpertHR’s policy and line manager briefing on homeworking.
