The Liability Implications of BYOD - and the Insurance You May Need
Bring your own device, or BYOD, is a major benefit to businesses. But are you aware of the liability implications of BYOD?Fortunately, we've got you covered. In this article, we'll take a look at the liability implications of BYOD and the insurances you may need.But first:
What is BYOD
The number of firms that are allowing and/or encouraging their employees to use their own cellphone, laptops or tablets for work purposes is increasing rapidly.And there are considerable advantages of cost and convenience for businesses that adopt these “Bring Your Own Device”, or “BYOD” policies. So much so that a 2017 study suggested that more than half of companies were requiring employees to provide their own devices.But there are also potential risks. And firms need to guard against these whether they are actively encouraging or merely tolerating the practice.
The Advantages of a BYOD Policy
As long ago as 2013, a Gartner report estimated that the cost of providing employees with mobile devices could be as much as $600 per person per year.And although some firms offer employees extra compensation as part of their BYOD programs, there is no obligation to do so. Many businesses can, therefore, realize some significant direct cost savings by having employees use their own devices rather than providing them.BYOD can encourage employees to stay engaged and connected with colleagues and the office outside of regular working hours - delivering significant increases in productivity. And there's also evidence that allowing the use of personal devices may increase staff motivation and job satisfaction.
The Potential Risks
Unfortunately, loosely defined or poorly managed BYOD policies may also lead to significant extra liabilities.Businesses, for example, which operate in markets such as health care or finance, may be subject to severe regulatory penalties for data breaches. These penalties will be on top of any damages awarded in litigation. And they will apply even if the breach was caused or enabled by a personal device.Secondly, there is a risk that employees will not be as conscientious in updating the operating systems, firewalls and anti-virus software of their own devices as a corporate IT department might be.The use of public Wi-Fi connections by employees away from the office can also present hackers and malware distributors with a golden opportunity to access corporate systems and data. And the good old-fashioned physical loss or theft of a device, of course, remains a risk whenever it is off business premises.Another issue to be borne in mind is the departure of employees, whether voluntarily or by termination. The deliberate misuse of data that disgruntled former employees have retained on their personal devices is an obvious hazard. But you also need to guard against the compromise of data or passwords inadvertently retained by employees who have left on good terms.You should also be aware that the discovery process in liability litigation will often include data held on employees’ devices. And this process will apply regardless of whether your business has adopted a formal BYOD policy.The practical consequence of this is that liability claims may become much more expensive to defend, regardless of their merits.
How to Mitigate Liability Implications of BYOD
A formal BYOD policy
The first essential step in mitigating the potential risks associated with BYOD is to draw up and implement a formal written policy, which all employees will be required to observe.The policy will need to set out exactly what devices may be used, and for what purpose, and how employees must connect to company networks. The policy should also set out what apps and cloud services may be used, and what employees must do to keep the security of their devices up to date.Finally, compliance with the policy should be a term of your employment contracts, which will allow you to exclude some liabilities - notably for loss or damage to devices.It’s evident that BYOD policies are likely to be detailed and complex documents, so that thorough staff training in their operation must be an essential element of risk mitigation.
Insurance
It’s also essential that you look closely at your liability insurance coverages including your general liability, cyber-liability, E&O and D&O.You need to find out exactly what coverages you have, if any, in respect of employees’ use of their own devices, and whether there are any gaps that you need to plug.It has to be said, though, that this is an area in which the law is both complex and rapidly changing. It is therefore highly advisable that you consult closely with both a specialist employment attorney and your insurance advisers to identify the exact extent of your potential liabilities.
Talk to Us
That kind of attention to detail is our watchword at Brashears. And it’s our mission to provide all our clients with tailored insurance coverages that meet the individual needs of their businesses – without spending a cent more than necessary.If you’d like to talk more about the liability implications of a workplace BYOD policy you can call us today on 805-564-7645 or send us a message here.