(First in an occasional series about technology and the law.)
For a long time, it seemed that, like death and taxes, BYOD was inescapable. The issue wasn't that employees wanted to use their personal smartphones on your network; it was that they were definitely going to do so whether you liked it or not.
But there are consequences to the convenience and lack of up-front costs associated with BYOD, due largely to the fact that security gets substantially more complicated both for private employee data and for sensitive corporate information.
Consequently, companies are getting a lot more cautious about BYOD: one recent study found a spike in businesses imposing outright bans on personal device use, as the risk of data breaches and lawsuits becomes more evident.
Alfred Yen, associate dean of faculty at Boston College Law School, said that the major worry is security.
"Foreign devices could easily be used (wittingly or unwittingly) to bring in viruses or malware that causes a network security breach, allowing company information to be stolen," he told Network World.
But those security concerns work both ways, Yen added.
"As a BYOD user (and I think most people are in one way or another), I worry about employer intrusion on my machines," he said. "The employer can monitor what is on my device, potentially compromising my privacy, or maybe ask for access to it in circumstances I'm not comfortable with."
Clear, digestible policies are a business' first line of defense against legal trouble stemming from employee-owned devices, the professor argued.
"I can easily imagine lawsuits breaking out if employers don't properly put into place policies about network usage for the workplace, including employee-owned devices," Yen said. "And of course, if proprietary information is taken or exposed, suits could develop there as well."
Dalia Topelson Ritvo, assistant director of the cyberlaw clinic at Harvard's Berkman Center for Internet and Society, concurred, saying that it's important to make sure both parties in the relationship are on the same page.
"My best advice for a company is to have clear policies regarding when it is appropriate for an employee to use their own devices, and create technological protocols to ensure the company retains control over the information," she said.
For employees, Topelson Ritvo noted, the key concern is to keep work and personal data as separate as possible.
"I recommend, even if you are planning to use your own device for work, to maintain completely separate email accounts, and to take advantage of any remote, cloud-based access to company systems," she said.
Using cloud systems obviates the need to download company documents onto a personal device, limiting the degree of access an employer might need for security. That's important, Topelson Ritvo said, given the difficulties that BYOD poses for compliance with document retention and management laws.