Navigating the legal risks of BYOD


As this publication has reported on many occasions, BYOD creates numerous legal risks for the enterprise.

That was also the message of a presentation by Michael Finneran, principal at dBrn Associates, at the Enterprise Connect conference being held this week.

Legal risks include the fallout of deleting personal data, along with corporate data, from a BYOD device that has been lost or stolen or when the employee leaves the company, Finneran said, according to a report by Network World.

In addition, the legal discovery process could bring BYOD devices into lawsuits against the employer, raising employee privacy issues. Although not mentioned in the Network World report, BYOD devices could be brought into personal lawsuits involving the employee, which could result in corporate data disclosure.

In terms of employment contracts, using a mobile device outside of normal business hours could result in the employer owing the employee overtime pay.

An excellent discussion of the legal issues raised by BYOD is available in an interview FierceMobileIT did last year with Joshua Konvisser, a partner in the law firm of Pillsbury Winthrop Shaw Pittman. In the interview, Konvisser explained how BYOD is often a legal balancing act between employee privacy, corporate interests and interests of the data owners.

"If I am advising a company that is starting up a BYOD policy, I say that from a legal perspective… the best thing you can do is have someone sign an agreement. Then, there is no argument that this was an unreasonable condition," Konvisser observes.

When considering a BYOD policy, enterprises need to think through the legal implications of allowing employees to access corporate data with their personal devices. The firm's legal team should be actively engaged in developing the policy, along with the IT and business teams. - Fred