Venable partner A.J. Zottola was interviewed in a June 12, 2015 CEO Update article on Bring Your Own Device (BYOD) policies. BYOD policies have become popular in for-profits and nonprofits in recent years as employees are frequently using their own smartphones for work purposes.
“As a general matter, I would suggest if you allow an employee to use their personal mobile device for work purposes—and often that means email or remotely connecting to an internal network—then you ought to have a policy,” said Zottola. He added that if a company already has a policy regarding the use of confidential material, it can be applied to a BYOD policy. “You can make use of and reference those existing policies, but you have to account for how you view the use of a personal mobile device and how the device will be permitted to access the nonprofit's facilities, networks, systems, communications, records—the property of the nonprofit.”
Zottola said privacy issues can be tricky to manage as neither the device owner or the association can claim ownership of all records. “On the one hand, a nonprofit can't say that everything on a device belongs to the nonprofit or is subject to nonprofit control,” he said. “On the other hand, the individual can't come into this with the expectation that the records of the nonprofit are not going to be subject to nonprofit control.” While most employers have policies in place stating employees cannot expect total privacy in work emails, Zottola added, “Most policy statements would try to apply that same thinking to the nonprofit's records.”
“As a general matter, I would suggest if you allow an employee to use their personal mobile device for work purposes—and often that means email or remotely connecting to an internal network—then you ought to have a policy,” said Zottola. He added that if a company already has a policy regarding the use of confidential material, it can be applied to a BYOD policy. “You can make use of and reference those existing policies, but you have to account for how you view the use of a personal mobile device and how the device will be permitted to access the nonprofit's facilities, networks, systems, communications, records—the property of the nonprofit.”
Zottola said privacy issues can be tricky to manage as neither the device owner or the association can claim ownership of all records. “On the one hand, a nonprofit can't say that everything on a device belongs to the nonprofit or is subject to nonprofit control,” he said. “On the other hand, the individual can't come into this with the expectation that the records of the nonprofit are not going to be subject to nonprofit control.” While most employers have policies in place stating employees cannot expect total privacy in work emails, Zottola added, “Most policy statements would try to apply that same thinking to the nonprofit's records.”