As new technologies advance and their capabilities increase, bring your own device (BYOD) schemes have become more popular in the workplace.
If you read nothing else, read this:
- Employers need to ensure staff comply with the Data Protection Act when implementing a bring your own device (BYOD) to work scheme.
- BYOD schemes enable employees to be flexible, fast and productive.
- A big cultural change is required to implement a BYOD scheme.
BYOD schemes allow employees to use their own electronic devices, such as smart phones, laptops and tablet computers, in the workplace. Such schemes have become more widespread because they allow employees to be more flexible and responsive.
A YouGov poll commissioned by the Information Commissioner’s Office (ICO), published in March 2013, revealed this year that 47% of all UK adults now use personal equipment for work purposes. But in the world of cyber infiltration and computer viruses, concerns about BYOD schemes have been raised, and are often not being addressed.
The same ICO survey found that fewer than three in 10 users of BYOD schemes had received guidance from their employer on how to use their devices appropriately at work, and to ensure they comply with the Data Protection Act.
Beware security risks
In the light of concerns around BYOD schemes, the ICO has issued guidance for employers. It recommends that an employer’s BYOD policy should cover: what type of personal data can be processed on the device, and if and how it is stored; which documents are allowed to be accessed through a personal device, and how controls can be put in place if the device is lost or stolen.The ICO also states that if employers are unable to provide their employees with electronic devices, they should consider implementing a BYOD policy.
Laurent Bouchoucha, sales development director, Europe, Middle East and Africa, at Alcatel-Lucent Enterprise, says: “There are a number of issues about BYOD. The first is security and the second is about trying not to make life complex for employees. Employers need to build the security and BYOD policies first, and then the tools.”
How to implement a scheme
Martha How, principal at Aon Hewitt, says employers can take various approaches to a BYOD scheme. One way is for an employer to provide staff with a cash allowance, which they can use to buy a device. This is straightforward for the employees, but the cash allowance will be subject to tax.
How says a salary sacrifice arrangement is the best option for employers. “The smartest way to implement a BYOD scheme is to use a salary sacrifice plan, where an employee would source a device and pay for it via their employer,” she says. “As long as it’s structured properly, it can be tax-effective.”
Another area of concern for employers is the speed at which technology can become obsolete. The ICO points out that data is still largely generated on PCs, but because this data is increasingly accessed on user-owned, hand-held devices with a shelf-life of one to two years, rather than five to seven, employers are having to manage that data more proactively.
With a wide array of operating systems available, the challenge of managing the higher disposal frequency of such devices can quickly put a high demand on resources. Not only must obsolete devices have all confidential data wiped before they are discarded, says the ICO, but new devices must be synchronised and brought up to par. Existing devices that are upgraded cyclically, for example mobile phone contracts that are renewed every year, may have to be reconfigured.
John Laity, an independent BYOD consultant, says such schemes require a cultural change within an organisation because they involve employees supplying their own equipment for work: “For instance, one day an employer is supplying an employee with a PC, but the next day the employer is expecting the employee to contribute to the cost of the PC,” he says. “It’s nothing to do with IT security, it’s to do with workflow. Employers have realised that you don’t necessarily need to have a piece of technology sat on an employee’s desk.”
Bouchoucha adds: “It’s a revolution. Before, IT departments were dictating what types of tools could be used. But now it’s not just a couple of employees that are requesting access to their own devices; the number of employees doing so is increasing. Also, it’s coming from very high up in organisations, including chief executive officers.”
Laity says employers must be flexible and pragmatic, and address the job need for personal technology: “Does a supermarket employee looking up a stock record actually require to have a high-powered PC with a security standard equivalent to the employer’s finance director’s PC? The answer is no.”
John Laity will be speaking about BYOD schemes at Employee Benefits Live on 25 September.