Your employees may return to the office after the holidays with new gadgets strapped to their wrist. Wearable devices like the Apple Watch, Android Wear smart watch, and FitBit are some of the hottest holiday gifts of 2015. Or maybe your company gave wearable devices as gifts to its employees. Either way, wearables are showing up more and more in the office. With that trend come a slew of legal concerns. Here are some of the legal issues created by wearables to be aware of:

Privacy

Wearable devices make it easier to violate privacy rights. If the wearable device is employer-issued, it could be used to track and monitor employees. Be sure to give notice to employees before doing that, and obtain their written consent to having their activity monitored. Employees should be told what information the company collects and how it will be used. If your workforce is unionized, use of wearables for monitoring purposes may be a point for collective bargaining.

Then there’s the privacy of co-workers. Some wearables can record audio and video, but they’re generally less detectable than smartphones and cameras. An employees’ ability to record interactions with co-workers and customers without their knowledge raises a variety of legal challenges. Workplace policies should explain the circumstances under which certain categories may or may not be used and describe the kind of notice employees who use wearables in the workplace must give to co-workers and customers.

Data Security

If a wearable device is allowed access to the company network, it should be subject to BYOD policies like use of encryption, strong password requirements, device locks, etc. Don’t let wearables be an undetected hole in your network’s security. Also be sure to preserve the right to collect work-related information stored on your employees’ wearable devices, as such access might be necessary to comply with information requests in an investigation or litigation.

Productivity

Smartphones and web browsers already give employees plenty of opportunities to engage in distractions that kill productivity, and wearables make that problem even more challenging. Consider modifying your workplace policies to address the use of company resources and company time to engage in personal activity using wearables.

Suppose an email from your company’s in-house attorney instructs you to preserve all documents relating to an ex-employee who is threatening to sue for wrongful termination.  In the days before smartphones and cloud storage, this would have been a relatively limited exercise: paper documents would be set aside and files on the company server would be backed up.  But work-related data can be stored in many places today, including personal devices of employees.  Is a company required to preserve such data?

Costco Wholesale recently faced that issue in an employment discrimination and retaliation lawsuit.  See Cotton v. Costco Wholesale Corp., 2013 WL 3819974 (D. Kan. July 24, 2013).  The plaintiff asked Costco to produce text messages on the personal cell phones of two of its employees who mentioned the plaintiff or his allegations.  Costco objected on the grounds that the discovery request required it to invade the privacy of its employees, and there was no indication that the employees sent inappropriate text messages or used their personal phones for work purposes.  The court denied the request, determining that Costco did not have possession, custody, or control of the text messages.

Although the court in the Cotton case ruled that the employer had no duty to produce information stored on the personal devices of the employees in question, the outcome might have been different if the facts had changed even slightly.  Courts in other jurisdictions might also have taken a contrary approach.

The law in this area is far from clear, but following the guidelines below will help a company address e-discovery issues in their policy on personal electronic devices.  An easy way to remember the guidelines is to think of the acronym “APPS”:

  • Access: Reserve the right to access personal devices that store work-related data.  Access is crucial if the company is legally required to collect and produce data residing in the personal devices of an employee.
  • Permission: Clearly specify what personal devices employees are authorized to use for work-related purposes, if any.  Consider keeping a log of authorized personal devices and require employees to update the log whenever they start using a new authorized device or retire an existing one.  Your company’s document retention policy should extend to authorized devices.
  • Privacy: Notify employees that they should have no expectation of privacy to data stored on a personal device if they use the device for work purposes.  This prevents the company from being liable for invasion of privacy should it need to search the contents of a personal device to respond to a discovery request.
  • Segregation: If possible, segregate work-related content from personal content on personal devices.  Segregation can be implemented with software solutions, but if that is not feasible, at a minimum, instruct and train employees who use a personal device for work on how to keep their personal information separate from work data stored on the device.  For example, storage of work-related data in a personal cloud storage account should be prohibited.

Follow the above guidelines to avoid getting caught off-guard by e-discovery requests.

Enhanced by Zemanta

No, it’s not an acronym advising you to come to dinner with your favorite vintage of pinot noir.  BYOD stands for Bring Your Own Device, a movement that’s changing the landscape of information technology at workplaces across the globe.  In the “old days,” companies issued electronic equipment to employees for work use.  Today, employees want to use the latest electronics of their own choice for both work and play.  Surveys consistently show that companies are giving in to such requests, citing the benefits of increased productivity and morale, as well as cost savings from not having to buy the equipment themselves.  However, BYOD programs also create legal risks for companies, including:

  • Violation of labor laws like the Fair Labor Standards Act due to the ability of workers to rack up overtime by doing work on personal devices practically anywhere and at any time, whether or not such overtime is authorized by management
  • Violation of laws prohibiting disclosure of the private information of customers, clients, or patients, such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act
  • Inadvertent disclosure of proprietary company information, which jeopardizes their confidentiality, and as a result, their status as protected trade secrets
  • Complicating the e-discovery process, because electronic data that fall within the scope of a discovery request may reside on devices besides those under the direct control of the company

In light of these risks, the knee-jerk response of management might be to forbid BYOD entirely, but that is not necessarily the best approach.  BYOD is more prevalent than one might think.  A form of BYOD is in play whenever someone stores work data on a personal cloud storage account, uses a personal laptop to draft a memo for work, or forwards work-related word processing files to a private email account for easy access from home.  A company need not officially adopt a BYOD program to have one, which is all the reason why management should be proactive about putting BYOD policies in place.

Learn about the specific risks that a BYOD program creates for your company.  Develop guidelines on acceptable and unacceptable use of personal devices for work-related purposes.  Notify employees of the policies in writing and provide training.  Don’t wait until it’s too late!

Want more tips on BYOD?  Come to the Advanced Employment Issues Symposium in Las Vegas from November 13-15, where I’ll be giving a presentation on “BYOD Challenges: When Employees Bring Their Own Devices to Work.”  Registration information is available at www.aeisonline.com.

Enhanced by Zemanta