Legal and Other Implications of B.Y.O.D. (Bring Your Own Device) Delivery through Agility - A trend which is catching up?

TheAttorneys Corporate Law Consultants Legal and Other Implications of B.Y.O.D. (Bring Your Own Device) Delivery through Agility - A trend which is catching up? In today s fast paced working world where
of 7
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
TheAttorneys Corporate Law Consultants Legal and Other Implications of B.Y.O.D. (Bring Your Own Device) Delivery through Agility - A trend which is catching up? In today s fast paced working world where time and motivation is of essence, the concept of BYOD or bringing one s own communication device, be it a laptop, tablet or a Smartphone to the workplace for largely work oriented activities seems to be widely accepted and catching on in the Indian Corporate Space with the sole eye to encourage and foster increased work efficiency, a happiness quotient in the workplace and lower operating costs. Though this tool is seen as a progressive movement particularly benefitting the employee and his/her productivity at the work place; this at the same time deploys and raises several legal issues in terms of security, ownership and protection of intellectual property, employee privacy, rules of evidence among others, which are imperative to factor in and work around while implementing this model. This exciting new way of working, is fast catching up in the United States and Europe amongst large and medium scaled organizations across the board- the benefits being without a doubt compelling. Yet, for all it s novelty and umpteen cost and work advantages; the universal fears of security breach, data protection and privacy issues renders a mindset of caution and conservativeness, while unleashing this in an organization. It is an interesting view point that around 51 per cent of U.S. Firms have a BYOD policy in place to stem such fears. 2012, TheAttorneys Page 1 Indian Corporations and Organizations have shown a keen interest to adopt this tool and over the last couple of years have gone that extra mile to build policies around the existing loopholes and implement them. With the thought and a need to implement; arises issues we must keep in mind and plug to render the model robust and free from any kind of Data, Security or Legal breach. Some of the issues to consider are as under (discussed in subsequent pages): 1. Intellectual Property 2. Privacy 3. Issues w.r.t. evidence under certain disputes 4. Security 5. Employer-employee relationship and vicarious liability 6. Contract Act 7. Tax issues 8. Various policies of companies Issues and Flags: 1. Intellectual Property a. Ownership As per the Copyrights Act, 1956, the ownership on the copyright work under an employer-employee relationship vests with the employer, unless there exist a contrary agreement. Under Patent laws, the right to file for patent application is to the inventor or its assignee. Also, under Designs Act, 2000, the design copyright application can be filed by the proprietor or such other persons as permissible under the Designs Act, Under the BYOD scenario, the communication device will be owned and controlled by the employee. The employee usually works around 8-10 hours on a five-day week basis and beyond such time and days the employee is outside the boundaries of employer-employee relationship. If employee uses his owned and 2012, TheAttorneys Page 2 controlled communication device to create or generate any intellectual property, either as an improvement to the employer s intellectual property or independent of employer s intellectual property, there are complexities involved in the rightful ownership or claim over such intellectual property. Further, the question on database rights where employee uses its own communication device to develop clients / customers for the employer. Such issues need to be tackled rightly through various documents and policies which need to be agreed by the employee. b. Infringement liability Employee having ownership and control over the communication device can have multiple intellectual properties stored or used in such communication device. The employee when using the personal device at employer s premises or using employer s infrastructure can potentially engage in intellectual property infringement activities. The internet protocol address of the employer will be used and recorded while the employee is engaged in an infringement activity at employer s premises. Further, employee can also store third party intellectual property in his/her communication device when using the same at employer s premises. All of the above pose significant direct and tortious liabilities on the employer. c. Software / application tools licenses Employees will obtain personal licenses on software whether application or tools to be used on their own devices. However, these devices are to be used materially or significantly to perform functions of the employers. The software licensors may have questions to both employee and employers as the software vendors usually price their software for retail consumption vs. corporate usage. 2. Privacy When the communication device is owned or controlled by the employer and given to the employee, there exist a legal relationship or care and diligence to be exercised by employee in relation to the communication device. The employer, being the owner / having control over the communication device 2012, TheAttorneys Page 3 can monitor the usage of the device by the employee and can control and direct the nature of information which the employee can create and store in the communication device. However, when the device is owned / controlled by the employee and is used for employer s activities and otherwise, the employer needs to have sufficient right to monitor the usage and undertake surveillance of the usage by employee of the communication device in relation to employer s activities. While employer seeks appropriate rights, employer s need to be cautious on trespassing over the non-employer related personal and private information of the employee. Constitution of India, applicable data protection laws and applicable private monitoring and surveillance laws, governs the rights of employee in relation to the data in the communication device and corresponding rights of employer to monitor the usage of employees activities. 3. Issues w.r.t. production of evidence under certain disputes Employee while using its own communication device for creation, dissemination and storage of data and records, generates and records various evidences which will be required under any law enforcement enquiries / investigations and litigations. Further, any deletion of data of records by employee which are subject matter of litigations and investigations could lead to significant risks on employer both direct as well as under tort. Employers need to be cognizant of the laws with respect to submission / recording of electronic evidence when the electronic evidence is to be submitted from the communication device owned / controlled by the employee. 4. Security Significant security challenges exist in this context, and most of them arise due to the lack of control companies have over their employees devices. Some of the critical issues would be in the context of: Monitoring the device to detect misuse, hacking or malware Application of security patches to protect information from being leaked Installation of security related software 2012, TheAttorneys Page 4 Organization mandate on how the device is used and connects to the organization network Protection through installation of anti-virus software Implementation of system requirements etc To reduce legal and liability risk, companies implementing a BYOD strategy need to carefully analyze their existing security policies to determine how they relate to and impact their employees use of their personal devices for business purposes. Policies that may be relevant, include (without limitation): mobile device security policies, password policies, encryption policies, data classification policies, acceptable use policies, antivirus software policies, wireless access policies, incident response policies, remote working policies, privacy policies, and others. If a company s security policies already require certain security measures, it must be determined whether it is possible to match those measures for personal devices. 5. Employer-employee relationship and vicarious liability As discussed above, employee could intentionally or unintentionally engage in some prohibited activities using his/her communication device while at the premises of the employer or by using other infrastructure of the employer. Few examples could be infringement of third party intellectual property, breach of confidentiality / trade secret, certain offences under Information Technology Act, These activities of employees could open up liabilities to employer. Employer need to have adequate and appropriate policies to avoid or at best mitigate liabilities. 6. Contract laws While employers draft and put in place various rules and policies to tackle the issues identified above and other identified issues, it is important to ensure that the manner in which such policies are drafted and accepted by the employees are recognized as enforceable contracts and not contract of adhesion. 2012, TheAttorneys Page 5 7. Tax issues: If the cost of device were to be reimbursed or funded (through soft loans) by the employers there could be tax issues w.r.t. perquisites and thereby increasing the cost of procurement to the employees. Further, employers need to ensure that its funding of communication device is secured if employee leaves the employment before the tenure of repayment is completed. 8. Various policies of the companies Employers may have to consider the following policies: personal device usage policy for usage and behaviour, personal device financing policy, electronic communications and social networking policy, information security policy, privacy policies, intellectual property policy etc. Suffice to say that the benefits of the B.Y.O.D policy outnumber the challenges is a sure sign that the policy is here to stay for long. The advantages of a BYOD policy though huge and largely attractive an Organization should look at the implementation of such a policy after carefully sifting through the various issues and data and security minefields and discussing this thoroughly with all Organizational Stakeholders; before going full throttle. ********** Disclaimer: This material and the information contained herein prepared by TheAttorneys is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). By means of this material, TheAttorneys is not rendering any professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action you may seek legal advice from a legal counsel. TheAttorneys shall not be responsible for any loss whatsoever sustained by any person who relies on this material. 2012, TheAttorneys Page 6 Delhi Office: 4th Floor, Statesman House, Building B wing Barakhamba Road New Delhi M: W: Mumbai Office: Level 3, Neo Vikram New Link Road Andheri West Mumbai M: W: Bangalore Office: 26 Cornwall Cross Road Langford Gardens Bangalore M: W: 2012, TheAttorneys Page 7
Similar documents
View more...
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks