A: Businesses are increasingly encouraging employees to bring their own devices to work, both for cost reasons and because so many employees own their own electronic devices it sometimes seems unnecessary to supply another one.
As you say, there are risks. In particular, your confidential information is then stored on a device that you do not own and therefore cannot control completely. Employees may well not like the idea of you attempting to place restrictions on what they do with their own property.
However, if you do want to encourage employees to use their own devices, then it is key that you have a tightly drafted policy in place regarding their use of the device once it does have your confidential information downloaded on it.
In particular, you need to make it clear that they cannot let other people use the device despite it being their property. This might not be practical in relation to an employee’s family. However, at the very least you should try to require the employee to be actively supervising the use of the device if they are allowing other family members to use it and notify you if it is ever lost.
You also need to restrict them from transferring the information to other devices without your consent. There are often risks when an employee is looking to leave to join a competitor that they may be tempted to transfer confidential information for example, to their personal email account. If they are using the company systems, this can usually be spotted. However, if the information is on the employee’s own device in the first place, it may not be so easy to prevent or police. So you may not want all of your customer information or trade secrets on a device which is not your company property.
The other point is to make it clear in a policy that on the termination of employment for whatever reason, the employee agrees that they will hand over the device and that it will be wiped of anything that is your confidential information.
These measures do not guarantee you 100 per cent security because of the difficulty in policing them but if you ever did discover that there had been a breach, then it would be potentially easier to take action against the employee.
Paul Callaghan is a partner at international law firm Taylor Wessing.