BYOD policy: Employee right to social media privacy is paramount

By , CIO |  Consumerization of IT, BYOD, byod policy

If your company lets employees bring their own devices for workpurposes, you'd better have a formal BYOD policy-one thatunderstands employee privacy rights and employer access rights.

Such policies are often crafted by legal experts for goodreason. Violations of certain rights can land companies in hotwater. Management consulting firm Janco Associates hascreated a 14-page BYOD policy template covering everything fromhelp and support to disaster recovery to access control.

In the privacy section, Janco outlines legal issues.

Janco cites one of the cornerstone legal considerations calledthe Stored Communications Act, or SCA. It deals with the disclosureof stored wire and electronic communication and transaction recordsretained by third-party Internet service providers, or ISPs.

Essentially, SCA prohibits ISPs from divulging a customer'scontent. Companies attempting to access electronic communicationsstored at an ISP without authorization can be fined or imprisoned.The employee can also seek a civil remedy.

There is a legal precedent favoring employee rights: Pietrylov. Hillstone Restaurant Group in 2009, whereby a couple ofemployees created a MySpace page to complain to registered membersabout the company. Managers allegedly pressured one member, anotheremployee, to give up her log-in ID and password to access theMySpace page.

The two employees that created the MySpace page were outed andfired, yet the court upheld the jury's verdict that Hillstonewas liable for violations of the SCA.

One can only imagine similar scenarios playing out on a BYODsmartphone or tablet. These devices access an employee'sFacebook page and other password-protected social networks andpersonal data residing on servers. With the rise of BYOD,technology and legal experts are now predicting employee lawsuitsconcerning privacy violations, unpaid overtime and otherissues.

Story: BYODLawsuits Loom as Work Gets Personal

The message is, do not try to gain unauthorized access to anemployee's private social networks, says Janco. Youshouldn't even ask an employee to provide log-ins and passwordsto a private site, because you may have to show that you didn'tcoerce or threaten the employee to comply.

"The Stored Communications Act is outdated as its authorsnever contemplated the prevalence of social media and BYOD (BringYour Own Device) computing environment," Janco writes in itspolicy template.

"Companies don't have to stop monitoring because of theStored Communications Act; they just have to be smart about it. Ifyou ask the owner or administrator for access to a private site andthey say no, walk away. Recognize the limitations imposed byemployment and privacy laws on your ability to monitor employeesites."

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at tkaneshige@cio.com

Read more about byod in CIO's BYOD Drilldown.

Don't miss...

Top 10 programming skills that will get you hired
Top 10 programming skills that will get you hired

25 crazy and scary things the TSA has found on travelers

8 famous software bugs in space

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Consumerization of ITWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question