Keep pace with legal requirements as mobile devices inundate offices.

• Author: Johnson, Elizabeth
• Position: LAW JOURNAL 2012

With 87% of employees confirming they use personal electronic devices for work, designing a workable "bring-your-own-device" program is probably overdue. BYOD is a tricky issue; 48% of companies claim they would never authorize employees to use personal devices for work, but 57% acknowledge that employees do it anyway. The wave of mobile devices has already flooded your offices. It's time to figure out what to do about it.

Talent recruitment and cost concerns

Almost half of college students and young employees say they would accept lower pay in exchange for flexibility on device choice, social media and mobility, indicating it will be difficult to compete for new talent without adopting a BYOD policy.. Your business may be able to save on device purchases and information technology support, but all that savings could be wiped away if a lost personal device results in a reportable security breach (average response cost is over $5 million) or if sanctions result because contents of the device are considered discoverable in litigation but cannot be produced.

Productivity and social media

Let's be realistic: Your employees already use Facebook during work time, and blocking the site won't help since we've already established that they use personal devices at work. Think of BYOD as a means to retrieve some of those lost hours. Seventy-two percent of employees regularly check their emails from personal devices outside normal business hours, and 42% check even when out sick.

If you enable BYOD, social media use may go up, but temper your 'zeal to prohibit or monitor that use. In recent years, employers have been repeatedly dinged by the National Labor Relations Board for overly broad social-media policies, were found liable for accessing employees' social-media communication in unauthorized ways, and scaled back reviews of social-network sites due to Fair Credit Reporting Act liability. Employers should revisit their social-media policies to make sure they are not already running afoul of this rapidly evolving list of pitfalls.

Information security and compliance

Here are a few examples of the potential impact of BYOD on security and compliance:

* Device loss or theft could result in a security breach that must be reported to regulators and affected individuals if personal information is involved and potentially to business partners if confidential information is involved. Loss of access credentials can jeopardize enterprise security.

* Almost...