Lawyers say pitfalls remain for BYOD in the workplace

By Ashley Barker
Published Feb. 18, 2014

Around 80% of smartphones and 67% of tablets used for work are employee-owned, according to a 2012 survey by McKinsey & Company Inc.

The trend known as “bring your own device” is forcing employees to pay for devices and data connectivity service instead of the employer. While there can be potential benefits to the trend, new and specific policies should be put into place, according to attorney Cherie Blackburn with Nexsen Pruet.

The commercial law firm and Tri-County Human Resources Management Association held a quarterly breakfast briefing this morning in Charleston to discuss smartphone use in the workplace.

Blackburn said many employees are connecting their personal devices to employer email and data networks. They’re also creating, storing and transmitting work-related information, including potential trade secrets, on personal devices. She cited a Ponemon Institute survey conducted in 2013 that found more than 60% of employers allow BYOD, and only 36% of employers have BYOD policies, according to a 2013 survey by Cisco and BT.

The employee may see the BYOD trend as convenient because he or she is using one device instead of carrying multiple cell phones or tablets. Productivity can be higher when the employee is using a preferred device, and the employer’s costs are lower.

But the company has less control over devices, which means unauthorized users could have access to devices with corporate data in the event that it is lost or stolen. The employee may also dispose of an old device improperly and not keep the device up to date on its security systems.

Blackburn explained the 2012 California case of FormFactor v. Micro-Probe Inc. as an example. She said an employee left FormFactor to work for its competitor, and FormFactor sued the other company and the employee for misappropriation of trade secrets.

The employee had been allowed to work from home on a FormFactor laptop and to use a personal computer for remote access. When the employee left, the company discovered he had placed 4,500 files on his personal computer and external hard drives, Blackburn said.

FormFactor’s motion was denied because it could not show “reasonable efforts” to protect what it said were trade secrets, Blackburn said. There was no written agreement with the former employee to protect trade secrets, and the company did not request the employee to return any data when he left the company, the court documents showed.

“He wasn’t intentionally misappropriating any trade secrets. He was able to leave and take this information with him,” Blackburn said. “In this day in age, if you don’t have some type of agreement — representation from that employee that they’re not going to take with them trade secrets when they leave — it’s almost like the court was saying ‘You’re so far behind, we don’t have any sympathy for you.’ ”

The situation could have been resolved more easily if FormFactor had included a policy on personal devices and trade secrets in the employee handbook or guidelines.

“Probably everybody has a trade secret or confidential information policy. You may have a statement in your handbook about things being confidential. You may have employees sign a nondisclosure agreement,” Blackburn said. “We recommend adding a policy on bring your own device or using dual devices for personal use and work use, and make sure you have protected the information that is on that device.”

She said it’s important to show in writing that when an employee leaves, the company can get access to trade secrets and confidential information back.

Reach Ashley Barker at 843-849-3144 or @AshleyNBarker.

Email Print

Do you give this article a thumbs up? Thumbs_upYes