Personal devices, like smart phones and tablets, have undoubtedly changed the way we interact with technology and with each other. On a single, hand-held device we can access all of our email accounts and social media accounts, and can store all of the details of our personal and professional contacts.
With so much information at our finger tips, it is easy for the personal and the professional to be confused. This is particularly the case where employees can BYOD (bring your own device) and use their personal devices for work purposes. In a single app, employees can view and send both work and personal emails, manage their work and personal diaries or store their work and personal contacts.
Sometimes, all it takes is one accidental or careless swipe or tap to send the wrong thing to the wrong contact. ABC News recently covered a story in which this happened. The Mayor of a local council in outback Queensland accidentally used his personal mobile phone to send inappropriate pictures (including nudes of himself) to his council email account a number of years ago.
The indiscretion was discovered by a council IT expert who found the pictures when reviewing emails on the council’s server. A complaint was formally lodged and reviewed, the result of which was that the Mayor was required to formally admit his mistaken use of the council’s IT resources and was required to undergo counselling in the proper use of such resources.
The incident has since become the subject of public record, including in the council’s minutes and in a public register of complaints.
Whilst it seems that the Mayor’s constituents don’t seem to be too bothered by the incident, there are some important lessons to be derived from this example, for both employers and employees.
Firstly, employers should always ensure that employees who BYOD are aware of the limits on usage of the employer’s resources that they may have access to through their personal device. For example, employees should know that simply because they have access to their work email on their personal device, their work email account is not to treated as a personal resource. Similarly, employees should know that the work contacts they may accumulate on their personal mobile phone are not their contacts, but are the contacts of the employer and should be treated accordingly.
Employers should also maintain robust IT policies that set out, at a minimum, the employer’s expectation in relation to the use of its IT resources, the limits on use, the consequences for breaching the policy and any monitoring or surveillance that the employer may conduct.
Employees should be trained on the IT policy, the code of conduct (which should apply to conduct over email, on the phone and on social media) and how to properly use the resources they have access to. Training allows employers to reinforce their expectations and delivers information directly to employees so there can be no confusion as to whether an employee is aware of what is expected of them.
Finally, if in doubt don’t allow BYOD and instead, provide employees with employer-owned devices. This reduces the risk that the professional and personal lives of an employee will cross over and creates a clear delineation between what is the property and domain of the employer and the employee.
Inappropriate use of technology by employees can have serious consequences for employers including damage to the employer’s brand and loss of business from clients. It can also result in disciplinary action for employees including the termination of employment.
For these reasons, careful management of employee use of IT resources is a critical risk management strategy for employers.
Information provided in this blog is not legal advice and should not be relied upon as such.
Workplace Law does not accept liability for any loss or damage arising from reliance on the content of this blog, or from links on this website to any external website. Where applicable, liability is limited by a scheme approved under Professional Standards Legislation