When the COVID-19 health crisis began, many companies sent their employees home to begin working remotely. Often, as a matter of convenience and cost-savings, businesses allowed — and maybe encouraged — employees to use their own devices such as smartphones, computers and tablets. As the pandemic continues, remote working may become one of the “new normals.”

If remote working is to become more permanent, businesses must shift away from convenience and money-saving and consider the legal risks of allowing and/or encouraging employees to use their own devices for work activities. The recommended best legal and business practice is to provide company-owned devices and to have the company pay directly for any necessary internet/wireless service. This may increase short-term costs, but providing company-owned and paid-for devices will save money in the long-term by avoiding costly litigation, civil judgments and potential governmental investigations. Here is a summary of the more important legal reasons to avoid letting employees use their own devices while working from home.

Avoiding Labor Law Violations With Respect to Reimbursements

Most state labor laws mandate that employers reimburse workers for work-related expenses that they incur. Generally, the statutes require reimbursement within specified time frames and, sometimes, the amount of reimbursement is fixed by law. Required reimbursements often include

• Rental cost equivalent
• Repair and maintenance costs
• Costs of utilities and telephone/wireless service
• Storage costs
• And more

All of these cost categories apply to employee-owned computers and electronics. However, many employers neglect to consider and reimburse for some of these categorie, particularly the rental-equivalent cost. That neglect generates litigation risks. Litigation risks are also created by delays and mistakes in reimbursements which may be wholly inadvertent and/or accidental. These legal risks can be mitigated by providing company-owned devices and paying directly for utility services.

Providing Cybersecurity and Protecting Privacy

Cybersecurity and privacy concerns are two additional reasons to avoid letting employees use their own devices. Data security and protecting the privacy of consumers and employees has become crucial to business success. A data breach, hack or criminal cyber-intrusion can be costly both financially and with respect to the company’s business reputation. In general, mobile devices have become a weak point in the cybersecurity armor, partly because mobile devices can be physically lost or stolen, but also because many do not fully understand the risks.

Providing company-owned electronics and other equipment gives the employer the ability to remotely control and update the security of the device and to command that the device be delivered occasionally for physical inspection to the employer’s data security team. In this manner, the device is continually protected by state of the art cybersecurity programs and protocols, any employee-downloaded apps or programs can be deleted and any other employee protocol violations can be monitored and corrected. The device can also be tracked and remotely wiped to prevent data from being accessed by cybercriminals if the device is lost or stolen.

Issuing company-owned devices also facilitates training for employees including how to physically protect and secure the device, procedures to follow if the device is lost or stolen, what is appropriate to store and download to the device, how to protect consumer data, and more.

Protecting Trade Secrets and IP

Another reason to avoid letting employees use their own devices is protecting a company’s trade secrets — and other IP — which may be downloaded or stored on the devices. If the employee separates, it will be crucial for the employer to retrieve the device to remove any trade secrets. While trade secret statutes are robust and courts will order turnover of an employee-owned device, still, courts are much more inclined to quickly order the turnover of company-owned equipment. The ownership component is important, but so is the fact that the company took the extra step to protect its trade secrets by issuing company-owned equipment.

Moreover, aside from the litigation aspect, as noted, a company-owned device should be configured to allow remote access. Using remote access to delete trade secret and confidential data might avoid litigation entirely. Control of the device can also help prophylactically. Monitoring the device while the employee is working helps protect a company’s trade secrets by facilitating

• Removal of unnecessary trade secret information from the device on an ongoing basis
• The marking of data/information as “confidential” and/or
• Adding heightened levels of passcode security and protocols to the device and data files

For more information or if you have legal questions about data security, consumer privacy or  protecting your company’s trade secrets, contact the internet lawyers at Revision Legal at 231-714-0100.