In an earlier article, I mentioned that at one of our many areas of expertise is assisting businesses to actively manage mobile phone fleets. Part of effective management includes the deployment and enforcement of essential policies, yet when it comes to mobile phones and other handheld devices, policy is an area that’s often overlooked, or at best given a cursory nod.
Policies are not just for corporate environments. Any size of business can see tangible benefits of mobile phone policy.
A well written mobile phone/handheld device policy will, amongst other thing, help to:
- Avoid exposure to legal liabilities
- Contribute to the health and well-being of employees
- Inform and educate employees
- Guide managers consistently
- Control costs
- Protect the company’s intellectual property
The following is by no means a comprehensive list, but a properly crafted mobile phone policy may include guidance on:
- Possible health hazards of mobile phone use
- Use while driving
- Use while abroad
- Personal privacy
- Data security measures
- Theft or loss of devices
- Use of employee’s own devices
- Provision of accessories/upgraded handsets
- Ownership/migration of mobile phone numbers
- Personal use of mobile phones
- Reimbursement of non-business costs
Employers’ liabilities to employees
Vicarious liability – where an employee causes harm while performing his job as required by his employer – can be expensive and traumatic for the employer. The obvious example is an employee who is involved in a car accident during working hours whilst using his mobile phone. Employers also have a duty to safeguard the health of staff members. This includes minimising exposure to actions which can lead to musculoskeletal disorders such as repetitive strain injury (RSI).
Without a clearly written and well-communicated policy on the use of mobile phones and handheld devices (whether or not provided by the employer), the employer is exposed to increased risk, the impact of which can be substantial.
Compensation, increased insurance premiums, fines, staff absence, sickness, damage to reputation and decreased workplace morale all carry significant costs. Employers can reduce (although not entirely eliminate) exposure to various liabilities by:
- Having a comprehensive, up-to-date mobile phone/handheld device policy
- Ensuring that the policy is consistently and rigorously enforced.
With the emergence of smartphones – and the anticipated exponential rise in ownership following the rollout of 4G services in the UK – concerns about data security of handheld devices are amongst the forefront thoughts of most CIOs and IT managers. The potential damage to a business is immense should a handheld device be lost or stolen. Contact lists, sensitive emails and documents containing valuable intellectual property could easily fall into the wrong hands. Equally concerning, handheld devices could allow simple unauthorised access to company systems if employees have stored passwords and usernames on the device.
Questions to ponder include:
- Which company systems are employees permitted to access on handheld devices?
- Are any controls needed for users who log on to company systems via handheld devices?
- When and for whom must frontline defences (e.g. PINs/face recognition software) be used?
- Are employees permitted to download and install apps?
- Can the handheld device be deactivated remotely?
There will necessarily be a degree of overlap between mobile phone/handheld device policies and general IT policies, particularly as the uptake of Bring Your Own Device (BYOD) gathers pace in the workplace. With multiple operating systems, evolution of devices and rapid pace of change, it may well prove to be nigh on impossible – and prohibitively expensive – for IT departments to safeguard company systems from all future security threats.
By implementing and enforcing a robust and transparent mobile phone/handheld device policy, the weaknesses presented to IT systems by these devices can instead be addressed through employee engagement and managerial oversight. It’s can be an very effective risk management strategy. This is exactly the approach taken by telecoms provider Colt, who made a conscious – and cost-effective – decision to remove their IT department from their BYOD programme. Perhaps a wise move, given that a recent study of 4,000 workers revealed that 80% of corporate BYOD schemes were “inadequately managed by IT departments.”
Enforcement of Policy
Policy enforcement has traditionally been achieved through disciplinary action. Complementary techniques include incentivising compliant employees through, for example, early handset upgrades, provision of cash rewards or provision of financial assistance for BYOD product support.
The policy should be regularly reviewed and updated as required. All employees should be made aware of the latest version of the policy, ideally with ‘read and acknowledged’ documentation being retained on file.
Above all, the mobile phone/handheld device policy must reflect the requirements, ethos and future direction of the company. A bespoke policy will serve the company’s long-term needs more effectively and more profitably than any off-the-shelf solution.