Caution: BYO Devices
With increasing demands being placed on employee's time and productivity levels in recent years, there is a growing trend for employees to be using their own personal electronic devices (such as smart phones, iPads and so on) as well as other electronic storage devices to enable them to juggle work commitments outside of the office - whether it be whilst working at home, or in between client / customer appointments.
Organisations that embrace this trend seem to be reaping the benefits of improved staff productivity, increased staff retention and a reduced environmental footprint, however employers also need to:
- be aware of the potential issues that may arise if the devices are lost and/or the employee leaves the organisation
- understand that the use of BYO devices presents a greater risk to your intellectual property - for example, the ability to switch between use of multiple email accounts for the forwarding of messages (including the sender) could disguise employee activity
- have a policy basis, and the necessary software, to support restrictions and monitoring of the use of electronic storage devices - so you know what is being copied and removed from the office
- have in place measures to minimise potential repercussions (such as breaches of confidential information and intellectual property - both of which have been mentioned previously in this blog.
What can you do as an employer?
Some measures you may want to consider if your employees typically use their own personal devices for work purposes include:
1. Ensure you have a document management system, or at the very least, intellectual property management software that records access, edits, printing, saving and emailing of individual documents, then consider:
- the suitability of restrictions on the ability to send or save documents, such as a closed document management system
- the use of alerts or a cache of any documents that are saved or emailed externally, to allow for monitoring
- appropriate updates to policies and contractual provisions regarding intellectual property, confidentiality, internet and email policy and social media policy. Remember that when an employee is fully advised of the extent to which intellectual property can be monitored, it may deter opportunistic or retaliatory theft of your intellectual property!
2. Understand the role that computer forensics may play and what can be achieved, and then make sure your policies address these matters. For example, ensure that your email and internet surveillance policy contemplates the use of an external third party for monitoring and investigation, and makes it clear that all online activity, including the use of social media, is subject to monitoring:
3. Implement a policy that prohibits the long term storage of confidential documents on electronic devices and allows the employer to randomly check compliance, particularly before someone leaves the organisation
4. Require staff to install secure access passwords on all devices , then ensure that an administrator is aware of those passwords and can override them, and that passwords are not shared by staff
5. Ensure access to company systems (email, databases etc) can be switched off or killed remotely ; and
6. Most importantly, regularly review and amend your policies, communicating the updates to staff. This is essential to keep up with, and address, technological development. For example, do your policies address the fact that documents can be sent on Facebook, or uploaded to LinkedIn?
Coleman Greig has a team of dedicated employment, corporate advice and intellectual property lawyers, who can work closely with computer forensic experts in this field. If you would like to discuss these issues further, or require our assistance with policy update, please give our employment law team a call on 02 9635 6422. We can also provide you with examples of significant intellectual proparty breaches by employees and discuss whether your organisation is at risk.