December 2018
by Jamie Hasty, SESCO Management Consultants
Many SESCO clients allow and/or request employees to use their personal devices for work. Many clients also allow employees to bring personal devices to the workplace for personal use. The reality today is that we are all closely tied to our mobile phones, tablets, watches, and laptops. For many, they are the preferred and primary way of communicating with staff, clients, friends and family. The role of personal devices and electronics in the way we work and live will only increase.
Employers and individuals alike rely on personal devices in the workplace because allowing their use, especially for work, provides significant convenience, cost benefits and flexibility, improves overall productivity and responsiveness, and increases worker satisfaction.
However, these benefits come with significant risks to consider, such as the loss or theft of devices, Wage and Hour (working time) issues, employee privacy, discrimination and harassment, and separation of employment.
The following provides SESCO’s recommendations for addressing the employment-specific legal issues, as well as the benefits of personal device policies, and sets out the SESCO staff recommendations that clients and employees should incorporate when implementing personal device practices at work.
Wage and Hour—Paid Time
SESCO clients should carefully consider the Wage and Hour risks of personal devices in the workplace. Under the Fair Labor Standards Act, employers must pay at least minimum wage to nonexempt employees for all hours the employee is suffered or permitted to work by the employer. In addition, nonexempt employees must receive overtime pay when they work in excess of 40 hours during a workweek (federal—some states are more restrictive). When employees have remote access, hours of work can include time spent on or off the clock drafting and responding to emails, taking conference calls, video conferencing and completing projects or discussing work with other employees. Many employers even require employees to check emails around the clock while others may not; but if such compensable time is not paid, it can expose the organization to potential liability—back-wages for time worked not paid.
Staff Recommendation: Employers can protect themselves from such Wage and Hour risks by incorporating the following into their policies:
- Require employees to record and report all time worked, including after-hours work performed on personal devices.
- Set clear policies on working outside of normal scheduled hours—many SESCO policies clearly state that employees should not perform work after hours unless specifically requested to do so or approved by their manager.
- Address minimum wage compliance by reimbursing employees for device fees or paying an hourly rate that ensures employees receive at or above minimum wage after device expenses and fees.
Discrimination and Harassment
If an employee uses his or her own personal device to bully co-workers, send harassing emails or text messages, or transmit racially insensitive pictures or videos, whether during working hours or not, it can create liability for the employer. This includes inappropriate language and communications on social media as well.
Staff Recommendation: SESCO recommends that employers train employees on using good judgment when communicating with colleagues on personal devices. This should be included in new-hire orientation, as well as annually when reviewing policy and in harassment training. The company’s policy should include instructions on acceptable use, prohibit inappropriate use and remind employees that the company’s policy prohibiting harassment, discrimination and retaliation applies to the use of all devices under the company’s policy.
Employee Negligence
Employee negligence can also put employers at risk. When employees receive a new mobile device, they often store their old one or give it away, thus increasing the risk of data compromise. Employees may also inadvertently download malware or become the victim of a phishing scam by clicking on a malicious link. Company data can also be compromised if the employee loses the device, fails to password-protect the device, or the device is stolen. Employees may also accidentally expose sensitive company information when communicating through unsecured or public Wi-Fi networks.
Staff Recommendation: To reduce the risk associated with data loss and security breaches, clients should educate employees on the importance of maintaining strong passwords, changing passwords and encrypting data stored on the device. Employers may also want to consider adopting a policy that clearly states that the organization owns the company data on the device and requires employees to back up company data and notify the employer in the event their personal device is lost, stolen or damaged. If data compromise is an ongoing concern, employers can establish protocols which permit retrieval and review of company data as well as the ability to remotely locate the device and automatically wipe the device of all data in certain instances.
Privacy Issues
SESCO clients should balance their duty to safeguard sensitive and proprietary information with employee privacy. For example, certain states have enacted laws that protect an employee’s right to social media privacy. These laws prohibit employers from trying to gain unauthorized access to an employee’s private social networking site, including by prohibiting employers from requesting or requiring access to employees’ social media accounts. Privacy protections may also apply to the healthcare information stored on the device as well as the employee’s privileged communications with his or her doctor, attorney or spouse.
Staff Recommendation: SESCO recommends that both the employer’s and employees’ rights be established, including what exactly can be accessed on a personal device, and exactly what will happen if the device is lost or compromised, or if the employee leaves the business. Companies can also mitigate damages by making employees aware of the privacy trade-offs and the reasonable expectations of privacy related to their use of a personal device for work. Employers can, at a minimum, train employees on what their policy says, inform employees of privacy-related issues and, if monitoring or an investigation becomes necessary, minimize the potential exposure of employees’ personal and private information.
Termination of Employment Challenges
When an employee separates from the organization, segregating and retrieving company data from personal devices can be challenging. Accordingly, policy should include a section detailing what actions must be taken, both by the company and employee, upon separation of employment.
Staff Recommendation: Policy might include deleting data, revoking access to a network, deleting certain apps and/or working with the employer’s IT staff or vendor to complete the exit requirements and ensure proper removal of company trade secrets, proprietary and confidential information and other company data. Employers may also want to consider adopting a policy advising employees that not complying with the exit policies will result in a full remote factory reset of their devices, which can be achieved with commercially available mobile device management toolsets. Moreover, employees should sign a waiver consenting to such activities and holding the organization harmless for any such damage, loss or use of data.
In summary, although there is no one-size-fits-all policy, all employers should develop and disseminate a comprehensive policy that takes into account the company’s existing infrastructure and risk. As with all information security risk, how the organization defines and treats risk plays a role in choosing the security roles that the employer may implement. It is also essential that employers and employees engage in active communication to include training, discussing policy on a regular basis and making revisions and updates as needed.
Jamie Hasty is the vice president of SESCO Management Consultants. SESCO provides results-oriented human resource consulting services to its members. SESCO Management Consultants is retained by ASA to provide HR support on a daily or as-needed basis. SESCO also provides services related to employee handbook development and review at discounted rates to ASA members throughout the country. The arrangement provides a free “hotline” to discuss day-to-day employment issues such as policy development, employee challenges such as disciplinary actions, terminations, or workers’ compensation issues, compliance with federal and state employment regulations, and many other management and human resource matters. Hasty can be reached at (423) 764-4127 or jamie@sescomgt.com.