If your BYOD user policies are too strict, then you might be running afoul of the law.
In a case last year, the NLRB made the unprecedented argument that an at-will employment policy could "chill an employee's ability to communicate with others about wages, hours and working conditions or to engage in otherwise protected activity."
Heather Egan Sussman, a lawyer at McDermott Will & Emery, says she has seen at least three reports issued by the General Counsel over the last few years concerning cases where prosecuted companies wrote overly broad policies or policies that went too far. While these reports were mostly directed towards social media, they can apply toward BYOD polices as well.
"Judges assume companies have the capability to preserve and collect all information created in connection with work that relates to litigation. They won't be happy to hear that such information exists but the company doesn't have access or authority to it, because there wasn't employee consent written into the BYOD policy."
The General Counsel's focus on confidentiality policies is causing companies to re-think their BYOD policies, says Sussman, "out of fear of prosecution."
BYOD Policies Get Down to Detail
It's an odd reversal of sorts. The first iterations of BYOD user policies erred on the side of simplicity and vagueness, merely suggesting user behavior instead of providing hard-and-fast rules. They consisted of generalizations about what companies and employees can and cannot do. These BYOD policies were practically useless when called upon for ediscovery or when employees raised privacy concerns.
Then the lawyers got involved. They helped companies draft lengthy documents covering all sorts of scenarios, including legal cases for ediscovery. BYOD policies ballooned to a dozen pages. These policies weighed heavily in favor of a company's right to monitor, access, review and disclose company or other data on BYOD mobile phones and tablets, and gave short shrift to an employee's expectation of privacy.
Now the pendulum is swinging back.
The General Counsel appears to be toughening up on corporate policies that attempt to control an employee's use of the Internet, BYOD or social media. There's concern that companies are exceeding the scope of the their authorization and potentially violating the National Labor Relations Act. While the General Counsel is not the deciding body, Sussman says, its reports can guide companies in drafting lawful BYOD policies that steer clear of prosecution.
Nevertheless, Sussman says she believes the General Counsel is acting a bit heavy-handed in saying what is and isn't permissible. "I think companies should have more latitude to set reasonable and fair rules with their employees, rules designed to protect against the many risks from BYOD and social media," she says.
Sign up for CIO Asia eNewsletters.