By: Kacie L. Manisco
A growing number of companies have implemented Bring Your Own Device (BYOD) programs that allow employees to use their own phones and devices for both business and personal activities. Such programs benefit employers and employees alike, reducing information technology costs for employers, while providing employees the freedom and ease of working on a single device of their choosing. Unfortunately, however, the tendency of BYOD programs to blur the line between an employees’ work and personal life implicates a myriad of legal issues. One such issue likely to be tested through the courts in the near future is the trend of “remote data wiping.”
Many Companies have taken to data wiping as means of removing trade secrets, intellectual property and other confidential information from departed employees’ personal devices. While some employers limit the wipe to sensitive company data, others chose to erase the contents of the entire phone to ensure absolutely no confidential information leaves with the employee. In doing so, all personal data on the device such as contacts, messages, and photos are also deleted. Employee complaints regarding this practice are on the rise. There have been reports of employees demanding compensation from employers for lost data, including a demand from an employee who lost photos of a deceased relative. While no legislation or case law has shed light on this issue, experts suggest ex-employees will find legal remedies in computer-trespass statutes, which were originally designed to prosecute computer hackers. As such, employers should carefully consider how to handle privacy and data security challenges implicated by this practice.
Employers should develop and disseminate a comprehensive BYOD policy that includes a conspicuous remote data wiping policy. Before performing the data wipe, the employer should obtain clear and unambiguous consent from the employee and maintain records of such consent. Employers would also be wise to give proper warning immediately prior to the data wipe so the employee has an opportunity back up any personal data, while also communicating that back-up of corporate data or information is strictly prohibited. Such precautionary measures should strike a balance between the employee’s rights and the employer’s interest in protecting proprietary information while the issue of remote data wiping hangs in legal limbo.