In other words, your employees are connected all the time, both at, and away from work. It also means you need to have a policy to account for this penetration of mobile devices.
Here are 10 questions for you to think about in drafting (or revising) your mobile device policy:
- Do you allow for your employees to connect personal devices to your network? Or do you limit network connectivity to employer-provided devices? And, where is the data stored, on the device itself, or remotely? The answer to these questions will not only impact the security of your network, but also dictate which mobile devices and OSs will your company support.
- Do you permit employees to use mobile devices in the workplace? It’s difficult to require employees to check their devices at the door. But, if you have safety-sensitive positions, you should consider protecting these employees from the distractions mobile devices cause.
- Who pays for the device, not just at its inception, but also if it is lost or broken and needs to be replaced? If you require your employees to reimburse for lost phones, state wage payment laws may limit your ability to recoup via a paycheck deduction.
- And, do employees have an expectation of privacy as to data transmitted by or stored on the device? Do you tell employees that their expectation of privacy is limited or non-existent? Are you tracking employees via GPS, and, if so, are you telling them? In light of last week’s ruling in U.S. v. Jones, limiting employees’ expectation of privacy is more important than ever.
- For non-exempt employees, do you permit mobile devices to be used for business purposes, and if so, do you prohibit their use during non-working hours? Otherwise, you might be opening your organization up to a costly wage and hour claim.
- Do employees know what to do if a device is lost or stolen? Do you have the ability to remote-wipe a lost or stolen device? Even if you have the ability to remote-wipe a device (and if you don't, you should), your employees will prevent a remote wipe if their first call upon losing a device is to Verizon (which will deactivate the phone) instead of your IT department.
- Do you prohibit employees from jailbreaking their iPhones or rooting their Androids? These practices void the phone’s warranty. Also, consider banning the installation of apps other than from the official iTunes App Store or Android Market. It will limit the risk of the installation of viruses, malware, and other malicious code on the devices.
- Are devices required to be password-protected? It will provide an extra layer of protection if the device is lost or stolen. Also, your industry might dictate an added layer of protection. Do you employ lawyers or medical professionals, for example? If so, ethical rules or HIPAA might mandate password locks.
- Do you forbid employees from using their mobile devices while driving? 35 states (but not yet Ohio) have a laws that bans some type of mobile device use while driving. It is safe to assume that the other 15 states will soon join in. Even if your state is not included, do the right thing by suggesting your employees be safe while operating their vehicles.
- How does your policy interact with other policies already in existence? Your mobile device policy should cross-reference your harassment, confidentiality, and trade secrets policies, all of which are implicated by the use of mobile technology.