Skip to main content

What’s Your BYOD Liability?


While bring your own device (BYOD) policies can increase productivity and simplify corporate device costs, they can also have their dark sides if not managed correctly. I recently read an article highlighting a recent number of court cases brought up by employees against their employers based on their BYOD policies. It’s important to make sure that when implementing a BYOD program you’re as detailed as possible to avoid issues like these.
In Rajaee v. Design tech Homes et al. an employee sued a former employer for wiping data from his mobile device when he left the company. The employee cited the Electronic Communications Privacy Act, which states that it’s illegal to intentionally access electronic information without the owner’s permission, as well as the Computer Fraud and Abuse Act, which states that it’s unlawful to cause more than $5,000 in damages to electronically stored data. While the court rejected both claims, it’s extremely important to lay out who owns what data in a BYOD program, as well as under what circumstances the employer has the right to wipe the employee’s device.

Another issue that enterprises need to outline very clearly is which party is liable under different circumstances. For example, if an employee is in a car accident while taking a phone call or using their device in another way for work purposes not only can the employee be held liable, but also the employer. However, if correctly outlined in an enterprise’s BYOD policy, employers may state that any damages caused while using a mobile device are the employee’s responsibility.

As you can see, there are a number of instances where having the correct policy in place can protect the enterprise and its data. It’s important to set a standard from day one outlining how the enterprise will secure its data. This can be done in a number of ways, but the most popular and often the most effective is through the use of enterprise mobility management (EMM) software and a very specific policy that outlines the rights that the organization has to its data.