Employers face risk if rules on work use of personal devices aren’t clear
Kimberly Atkins//August 8, 2012//

Employment defense lawyers say that every business should have a clear, written policy covering all aspects of the use of personal electronic devices, regardless of whether the company allows such use. Failing to do so could have serious consequences, from loss of sensitive proprietary information to discovery-related litigation nightmares to potential liability for privacy or wage-and-hour violations.
“The issue is coming up regularly,” said Philip L. Gordon, a Denver lawyer who chairs his firm’s Privacy and Data Protection Practice Group. “I have advised between a dozen and two dozen clients on ‘Bring Your Own Device’ issues in the last 18 months.”
The increasing use of employees’ personal gadgets for work-related purposes is driven in part by a desire on the part of businesses, particularly smaller companies, to save money on the computer and mobile equipment used by workers.
But what is also fueling the trend is the sharp decline in the use of BlackBerry devices – once a company-provided office staple – as employees increasingly acquire touch-screen phones and tablet computers.
“It’s really the rise of what I call the iPhone-ization of the American workforce,” said Cleveland lawyer Jonathan T. Hyman.
Employees, from executives down to part-time or freelance workers, want to get the benefit of their iPhones and other gadgets at the office, he said.
“In many cases the genie is already out the bottle and employees are already using their devices for work purposes,” said David Navetta, a partner in the Denver office of InfoLawGroup, a law firm concentrating on privacy, data security, consumer protection, information technology and intellectual property issues.
In a recent survey conducted by software company MokaFive, 88 percent of respondents reported that their companies had some form of Bring Your Own Device practice, whether sanctioned or not. But one-third of those surveyed said their companies had no formal policy, and 10 percent didn’t know if a policy existed.
Keeping data under company’s control
The most immediate problem created by the use of personal devices for work is the potential breach of the company’s data security system.
In many cases people that have their personal devices probably don’t have the security in place that would be present in devices that were issued internally,” Navetta said.
Not only do disparate security protections open the company’s internal data services up to potential breach, but also they could fail to protect business data that is stored on individual devices.
Written BYOD agreements should specifically address these issues by explicitly requiring security software on all devices used for work purposes. Policies should also require that employees allow the company to have access to any company data saved on their devices, and even give the company’s IT department the ability to wipe the hard drives of lost or stolen devices.
These provisions may not go over well with workers, but they can save the company money and headaches later, particularly in the event of litigation and accompanying discovery requests.
“Companies must take steps to make sure that company data isn’t walking out the door when the employee does,” said Daniel A. Schwartz, a lawyer in Hartford, Conn.
A good policy will provide that the company will use its best efforts to preserve personal data on devices while recovering company-owned information.
For example, “you can say the Words with Friends apps are going to be protected,” Schwartz said.
But regardless of the specific provisions of the agreement, it should “make clear to employees that the use of their personal device for work is a privilege and not a right,” Gordon said. “If they want to take advantage of the privilege … they need to give the employer access.”
Privacy, wage-and-hour claims
The mixing of company and personal data on a mobile device could lead to privacy claims from employees.
The law is unclear on this issue. The question of whether employees have an actionable privacy claim when employers seek information from mobile phones was left open by the U.S. Supreme Court in its 2010 decision in City of Ontario v. Quon.
Although that case involved mobile devices issued by an employer, the reasoning could be extended to employee-owned devices, Navetta said.
“In that case the court assumed that there was an expectation of privacy on the employee’s part, but it didn’t explicitly hold that there was,” he said. Instead, the court focused on the reasonableness of the employer’s search.
Company BYOD policies should do the same.
“Just because [a policy] may say that employees have no expectation of privacy in the information on these devices, you should try to really narrow down the scope of any investigation and try to avoid sweeping in personal information,” Navetta said.
Personal use of private devices can also give rise to wage-and-hour claims. Workers who receive work-related emails, texts and other communications on their devices even when outside of the workplace may seek to be paid for the time spent on that correspondence.
The issue “has been a concern for a number of years now,” due to the previously widespread use of company-issued BlackBerry devices, Schwartz said.
BYOD policies should expressly address when employees are expected to respond to such correspondence, and specify that any additional wage or overtime claims must be preapproved.
Verdicts & Settlements
- Motor Vehicle-Negligence Unicycle rider dies after being hit by car
- Premises Liability – Delivery driver injured by porch decking collapse
- Premises Liability – Fall down stairs at resort results in injuries, death
- Medical Malpractice – Jurors side with doctor in suit over rescue surgery
- Workers’ Compensation- Seasonal worker paralyzed in tobacco baler accident
- Medical Malpractice- Death from cancer followed stomach pain misdiagnosis
- Workers’ Compensation – Struck in face by forklift, woman suffers brain injury
- Negligence and Tort – Group home resident falls, sustaining femur fracture
- Medical Malpractice – Nursing facility patient dies after fracturing ankle in fall
- Medical Malpractice- Patient has bladder injury during colostomy reversal
- Premises Liability- Apartment guest burned by gas grill spewing fire
Opinion Digests
- The Most Important Opinions, January-June 2026
- Criminal – Court of Appeals wrongly vacated murder conviction
- Tort – U.Va. prevails on former professor’s claims
- Constitutional – Company’s due process claim against county is dismissed
- Administrative – Plaintiffs’ effort to enjoin ITC proceeding fails
- Patent and trademark – Amazon patent infringement suit transferred to New Jersey
- Tort – Chesterfield County dismissed from wrongful death suit
- Consumer Protection – Lawsuit over kratom survives motion to dismiss
- Criminal – Defendant convicted of attempted sexual exploitation of a child
- Evidence – Motion to exclude transmission expert is rejected
- Damages – Court awards pre-judgment interest following parties’ acquiescence
- Employment – Court approves overtime wage collective action settlement







