Allowing employees to use their own smartphones, laptops or tablets for work may reduce the employer's costs of purchasing such items and increase the convenience for employees; however, it comes with a security risk, as well as technical issues when employees leave the business. It is therefore vital for employers who allow employees to use their own devices to have a Bring Your Own Device Policy (BYODP) in place.
A BYODP typically deals with the acceptable use of such devices, information security, privacy and the employer's right of access, as well as technology support and maintenance costs. Certain aspects of the policy should be stated as contractual – most importantly, the right of the employer to inspect the device during employment and on termination.
Employers will need to consider their employee's right to the respect of their private and family life and correspondence under Article 8 of the European Convention on Human Rights. Monitoring and access will need to be proportionate to the desired aims.
Even if you don’t permit the above, are you aware of employees using instant messenger applications, often on their own devices, to discuss work-related matters? Recent research has shown that more than 50 per cent of workers use messaging apps for workplace communication and 38 per cent for work-related matters. However, more than 15 per cent said their HR department was unaware of this.
Back in 2017, Deutsche Bank banned the use of electronic messaging on mobiles and the use of texting for business purposes unless on an approved application. Employees were informed that unapproved messaging applications, including WhatsApp and Google Talk, could not be used for business purposes (on personal phones) and were to be disabled completely on work phones. This came after fines for lax communication controls and a failure to retain adequate communication records.
The introduction of the General Data Protection Regulation (GDPR) has increased concerns about the risks associated with instant messaging. Both Volkswagen and BMW have since restricted the use of messaging apps on work devices, with the former banning the use of chat apps for business purposes completely.
Where employees are permitted to hold work-related data on their own device, they may be acting as the employer's agent. If so, the data held on the employee's personal device may be within the scope of any subject access requests received by the employer, and their devices may have to be searched in response to such requests.
The issues identified with applications like WhatsApp go beyond data security. Last year, a cybersecurity firm discovered WhatsApp could be manipulated to change the content or sender of previously delivered messages.
The use of instant messaging applications can also have an impact on an employee's work-life balance due to their 24/7 nature.
However, instant messaging applications aren’t all bad. The NHS has turned to such applications to provide assistance in emergency situations, for example, following the Grenfell Tower fire, where these communication channels helped coordinate patient care.
New guidance for the NHS released last year will help staff make a judgement on when and how to use these applications safely in clinical situations. This includes only using apps that meet NHS encryption standards; not allowing others to use your device; protecting confidentiality by disabling notifications when the phone is locked; and deleting messages when the advice has been copied into medical records.
So what advice would I give to employers? A BYODP should be used to manage the use of instant messaging applications for work-related matters covering issues such as ensuring compliance with the principles of confidentiality, security and rights of access.
If messages are not work-related, you may need to think about highlighting how personal devices should be used within the working environment, and this should be specified within the expected standards of behaviour set out in the BYODP.
Rhiannon Jenkins is an associate in the employment law team at Blake Morgan