Use of devices at work: ACAS recognises need for guidance on “bring your own” policy

ACAS has recently published limited guidance in relation to bringing your own device to work policies, or ‘BYOD’ for short.  Such a policy essentially covers the use of personal mobile phones and computers etc in the office or for work purposes.  Although this has its advantages, it could also throw up a number of problems for both employers and employees.

Social media has become ever more prevalent, not only in people’s personal lives but also in their working lives, as well as being used increasingly by companies for business purposes – Facebook and Twitter are now seen as essential business tools in many organisations.  Naturally this has resulted in a drastic increase of gadget purchasing, with smartphones and tablets becoming more and more commonplace in households.  Therefore, some would consider it to make perfect sense for those household devices to be taken to and used in the workplace – this saves businesses from purchasing additional devices at their own expense (clearly an important consideration in the current economic climate, especially for small business) and allows individuals to use items they are familiar with as and when convenient to them, although many employees may expect a financial incentive for using their own devices as opposed to company ones.

If a BYOD policy is not carefully drafted, there are potentially damaging consequences.  Security always has to be a priority, both for employees and for the content on the devices.  Employers have data protection and confidentiality obligations and if a device is misplaced or lost this could lead to a breach in those obligations.  As the devices would also be for personal use, they could be corrupted as a result of internet browsing or downloads which are unrelated to work.  It may also leave devices more vulnerable to hackers.

The possible consequences also extend post-employment – many organisations require employees to delete or return sensitive or confidential information they may have acquired during employment.  It is much more difficult to ensure this has been done where the device belongs to the individual and not the company.

The ACAS guidance therefore suggests that a BYOD policy should clearly separate business and personal use on the devices, making it easier to manage and monitor.  It also suggests considering inclusion of a provision to allow sensitive data to be remotely deleted if necessary, which would reduce the problems associated with lost devices or those belonging to ex-employees.  Devices should also be secured by a password.

To view the ACAS guidance please follow this link: Dealing with problems at work | Acas