If your employer has implemented a new BYOD (Bring Your Own Device) policy and you elect to access your company’s email from your personal cell phone, it is likely that you have implicitly agreed that upon termination (or other events), your employer can, remotely and without notice, wipe your personal data device, returning it to factory settings.
Often there is a pop-up which will ask if you “accept” the terms and conditions of use when you log into the email server. This is often where the waiver allowing your employer to remotely wipe out all data on your phone is located.
I spoke to a young woman recently who had decided to leave her employment. She provided two weeks’ notice, but shortly after she made her intentions clear, her employer informed her not to return. Her employer offered her a small severance and some other incentives in exchange for executing a release of the employer. That same day, shortly after she contacted an attorney to review the written settlement agreement, her personal cell phone shut off. When she turned it back on, it had been reset to the factory settings. Gone were videos and pictures of her deceased grandmother, videos and pictures of graduations, grandchildren’s birthdays, first words, first steps, Christmases, her daughters’ proms, and vacation photos. Her phone contained important medical information and appointments, invoicing, and all of her contacts. She had been writing a book. Everything, gone.
Apparently, like many employees these days, this woman had felt it necessary to be able to access her work email from her private cellphone so that she could stay “up to date” on important communications from both her employer and her employer’s customers.
I understand an employer’s desire to protect sensitive and/or proprietary data; however, if an employee is asked to use their own devices in order to stay “in the loop,” this new BYOD policy must not then be used to justify unlawfully wiping out all of the employee’s personal data on their private, personal phones, tablets or laptops. Although remote wiping is a fairly new employer tactic, there is existing software which enables the “surgical” removal of access to, say, the company email server, and yet leaves the employee’s personal data intact.
If you are an employer, you need to develop a sensible, fair and obvious written policy regarding the access of company data on a personal device, and at the least, make sure your IT department knows whether the device they are sending an email to wipe out is a personal device or is owned by the company. Unless you want to be part of making case law on this subject, I would suggest you acquire and use appropriate software which will allow your IT department to delete access to company email and other company documents, but will appropriately leave personal data intact.
If you are an employee who is asked to BYOD for purposes of work, make sure you receive in writing that your employer will not wipe out your personal device for any reason, and that if they are responsible for lost personal data, they agree to liquidated damages. Better yet, do not use your personal device for work. I understand for some this might be difficult, but I am pretty sure the inconvenience of carrying multiple devices is easier to accommodate than the loss of all of your personal pictures and data. If you must use your personal device for work, make sure you regularly back up your data so you do not find yourself in the position of being unemployed and at the same time grieving the loss of irreplaceable personal life experiences.