The Written Policy Your Business Needs But Probably Lacks

Effective employers balance employee morale and work efficiency. If you are reading this post, you are probably one of those employers. You want to keep your talent happy. You want to be flexible. You are willing to provide frequent and timely input and feedback. You want to give your employees the resources they need to succeed without tethering them to the office.


In an effort to find and maintain the elusive work-life balance for their employees, many employers increasingly rely on “bring your own device” (“BYOD”) to work policies. BYOD workplaces allow employees to utilize their personal devices to conduct their employer’s business. These devices typically include smart phones, laptop computers, external hard drives, and other hardware capable of transmitting and storing electronic information.


Allowing employees to use personal devices to conduct business has several advantages. In addition to realizing the cost savings in not buying additional equipment for employees, employers can stay in touch with their employees in remote locations. Employees with children can perform essential tasks at home. Commuters can work while in transit. 


Before you allow your employees to use their personal devices for work, however, you should recognize that BYOD practices are not without problems. To reduce risk, employers who allow employees to use their own devices must have clearly written BYOD policies. Your BYOD policy should be narrowly tailored to the specific circumstances of your business, yet broad enough to protect your confidential and proprietary information – all without unnecessarily infringing on your employees’ legitimate expectations of privacy.

To strike this balance, an employer’s BYOD policy should clarify that:

·      communication sent over the employer’s server is subject to monitoring by the employer;

·      personal devices will be configured by the employer to work with the employer’s information systems;

·      no employer information may be stored on any device or platform (hardware or cloud-based) without prior approval by the employer;

·      personal devices will be password-protected;

·      passwords will be changed periodically;

·      the employer has the right to over-ride employees’ password with “administrator” passwords;

·      personal devices will have “lock” features triggered by inactivity;

·      employees consent to complete wiping of data in the event of a lost device;

·      non-work related communication using the employer’s information systems is prohibited and may result in disciplinary action;

·      employees must return all employer information in any format, including any information stored on any personal devices, to the employer upon separation;

·      employees are prohibited from using their devices to violate the employer’s policies, including any anti-harassment policies, and are otherwise prohibited from participating in any unlawful activity using the employer’s resources;

·      in keeping with the Fair Labor Standards Act (“FLSA”) and any related wage/hour laws, non-exempt employees are required to record and report any out-of-office and work-related activity conducted remotely in excess of forty (40) hours per week.

In addition, a BYOD policy should specify that any employee who uses his or her personal device in violation of the BYOD policy recognizes that such a violation:

·      constitutes potentially irreparable harm to the employer;

·      may not be remedied by a monetary award of dollar damages;

·      will result in the employee consenting to the imposition of injunctive relief, including, without limitation, a court of competent jurisdiction issuing a temporary retraining order and/or preliminary injunction enjoining and retraining the employee from taking any further action against the interests of the employer;

·      will result in a forfeiture of the device used and a review of the device by the employer, the employer’s legal counsel, or a court of competent jurisdiction to examine to extent of the breach of the BYOD policy.

As with most policies, it is wise to have an attorney with relevant legal experience in the BYOD space draft a policy narrowly tailored to needs of your business. If you allow your employees to conduct your business using their personal devices, contact an attorney and implement a written BYOD policy as soon as possible.


Kevin Burke

Kevin Burke is a partner in the Litigation, Labor & Employment Practice Group at Lippes Mathias Wexler Friedman LLP. EDUCATION: J.D., George Washington University Law School Georgetown University - B.A., magna cum laude Nichols High School School (Buffalo, New York) EMPLOYMENT: Lippes Mathias Wexler Friedman LLP - A partner in the Litigation Practice Group INTERESTS: Member, Nichols School Alumni Board Past Board Member and Officer, Western New York Trial Lawyers Association Bennett High School's Law Magnet Program Bar Association of Erie County Annual Mock Trial Tournament Attorney Coach Past Member, Kiwanis Club of Buffalo Past Member, Child & Family Services Annual Fund Board Leadership Buffalo Graduate, Class of 2006