How to Mitigate the Legal Risks of BYOD
In a previous post, we introduced some of the legal risks of BYOD when implementing a program to manage the bring your own device movement within your company. In this post, we will talk about some ways that companies can work towards mitigating those risks.Employment and Contractor Agreements
All employment-related contracts -- such as non-compete agreements -- must be written specifically enough to clearly state intellectual property ownership rules in different scenarios. For example, if code was developed on an employee-owned device outside of business hours, who owns it?
Don’t let your situation fall under default law, which may or may not be favorable to you, for lack of attention to these contracts. Likewise, contractor agreements must directly assign intellectual property to the company via “work for hire” terms and should include specific terms to address any potential BYOD scenarios.Policies A BYOD policy is the first step a company needs to take to provide guidance to its employees. It should cover subjects such as:
- Acceptable use of the device
- Security procedures that must be followed by the company and the employee (e.g. PIN is required or a specific program must be downloaded before using the device for company business)
- Financial terms (what if any reimbursement does the company provide)
- Rules covering device and data loss -- including whether the company will wipe data from the phone in the case of termination or device loss
- Any monitoring of devices and when/how that may occur
- What devices are allowed or not allowed.
- Encryption and password policies
- Social media use
- Incident response guidelines
- Remote working rules
- And privacy policies.