What is your Policy with Regard to Employee Use of Mobile Devices?

February 4, 2015|Debra Pagel

Employees often prefer to use certain mobile devices, and may be perfectly willing to use their own personal devices in the workplace. They may be so adept at using them that their efficiency becomes an asset to the company. But such use gives rise to concerns regarding data protection and security, employee privacy, possible theft or loss, and possible misconduct.

Will an adequate BYOD (bring your own device) policy solve all possible problems? Not likely, but it will go a long way toward preventing them. What should you do?

First, beware of these common blunders

Take care of your responsibility. The following will not help you:

  • No policy at all
  • A one-page statement consisting of a simple list of information about the use of personal mobile devices
  • Communication in a form that is not likely to be read and clearly understood, such as language about personal mobile devices built into a multi-page employment agreement
  • Lack of clear, specific instructions for IT staff in the event of an inquiry by top management, law enforcement, or emergency

Regardless of the size of your company, you need a BYOD policy if your employees use mobile devices

Of course your first priority is to protect the company, but your policy should attempt to strike a reasonable balance between company and employee rights and responsibilities.

  • Your policy should be enforced consistently. Make your employees, management, and IT staff aware of your BYOD policy. They should communicate it and train on it.
  • Your policy should clearly specify the rights and responsibilities of the company and the employee. It should be a separate document, immediately identifiable as a policy for personal mobile devices, and be signed by both the employee and a company representative.
  • Information and data security are probably the biggest concerns. Spell out what happens if the device is lost or stolen, if there is a data breach, and if law enforcement becomes involved. When can the company or the employee “wipe” the device (erase company specific information or potentially all of the data stored on it), and under what circumstances? What are the employee’s rights to personal information on the device if it’s confiscated?
  • Be clear as to ownership (which can be complicated if the company offers to subsidize the device over a period of years), access to information, password requirements and other security issues, and what happens when the employee is terminated, retires, or decides to leave the company.
  • Restrict employee access to sensitive company data. Spell out if and when employees are expected to use the device outside of working hours. Because checking email or accessing the system can be compensable time, specify under what circumstances they will be compensated for use outside of working hours. Address whether employees have a right to privacy on personal devices used for business purposes. If necessary, you may wish to eliminate any expectation of privacy.
  • Include instructions on appropriate use. Put employees on notice that company policy prohibiting harassment and discrimination applies to the use of all mobile devices under the BYOD policy.

For more information or for assistance in drafting a BYOD policy, please contact your Schenck representative or Debra Pagel, Senior Manager – HR Consulting, at 715-261-4701 or 800-236-2246.


Debra Pagel provides strategic human resources advice to clients on issues ranging from recruitment and compensation to organizational development, process improvement and leadership development. She has more than 25 years of experience working with organizations to evaluate and improve their human resources practices.