BYOD policy: Employee right to social media privacy is paramount

Violations of certain rights can land companies in hotwater.

If your company lets employees bring their own devices for work purposes, you'd better have a formal BYOD policy-one that understands employee privacy rights and employer access rights.

Such policies are often crafted by legal experts for good reason. Violations of certain rights can land companies in hotwater. Management consulting firm Janco Associates has created a 14-page BYOD policy template covering everything from help and support to disaster recovery to access control.

In the privacy section, Janco outlines legal issues.

Janco cites one of the cornerstone legal considerations calledthe Stored Communications Act, or SCA. It deals with the disclosure of stored wire and electronic communication and transaction records retained by third-party Internet service providers, or ISPs.

Essentially, SCA prohibits ISPs from divulging a customer'scontent. Companies attempting to access electronic communicationsstored at an ISP without authorization can be fined or imprisoned.The employee can also seek a civil remedy.

There is a legal precedent favoring employee rights: Pietrylov. Hillstone Restaurant Group in 2009, whereby a couple ofemployees created a MySpace page to complain to registered membersabout the company. Managers allegedly pressured one member, another employee, to give up her log-in ID and password to access the MySpace page.

The two employees that created the MySpace page were outed and fired, yet the court upheld the jury's verdict that Hillstone was liable for violations of the SCA.

One can only imagine similar scenarios playing out on a BYODsmartphone or tablet. These devices access an employee'sFacebook page and other password-protected social networks and personal data residing on servers. With the rise of BYOD,technology and legal experts are now predicting employee lawsuits concerning privacy violations, unpaid overtime and other issues.

Story: BYODLawsuits Loom as Work Gets Personal

The message is, do not try to gain unauthorized access to an employee's private social networks, says Janco. Youshouldn't even ask an employee to provide log-ins and passwords to a private site, because you may have to show that you didn't coerce or threaten the employee to comply.

"The Stored Communications Act is outdated as its author snever contemplated the prevalence of social media and BringYour Own Device [BYOD] computing environment," Janco writes in itspolicy template.

"Companies don't have to stop monitoring because of theStored Communications Act; they just have to be smart about it. If you ask the owner or administrator for access to a private site and they say no, walk away. Recognize the limitations imposed byemployment and privacy laws on your ability to monitor employee sites."

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at

Read more about byod in CIO's BYOD Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags Consumerization of IT | BYODpolicysecuritysociallegalIT managementprivacyconsumerization of ITBYODJanco Associates

More about AppleFacebookGoogleJanco Associates

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tom Kaneshige

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place