A growing number of employers provide their employees with smartphones, tablets, and other mobile devices to help them stay connected to coworkers, clients, and work projects. Some employers are even allowing employees to bring their own mobile devices to work for use on the job (also known as bring your own device or "BYOD" policies). While these policies can make employees more productive, they can also raise issues regarding pay, information security, and safety.

​

Below are some common potential concerns related to mobile devices in the workplace as well as guidelines for helping to manage them.

 

Pay

The Fair Labor Standards Act (FLSA) requires employers to pay non-exempt employees (commonly referred to as "hourly employees") for all time worked. Because mobile devices can be used anywhere and at any time, tracking hours worked can be a challenge. Additionally, if non-exempt employees use mobile devices for work while off the clock, it may lead to violations of the FLSA's pay requirements.

Tips:

• Identify business need. Before providing smartphones to non-exempt employees, analyze whether there is a strong business reason for doing so. Whenever possible, employers should consider limiting the use of smartphones and other mobile devices to exempt employees only. This can help to minimize pay issues related to after-hours work, since bona fide exempt employees are generally paid a set salary regardless of the amount of hours worked.
   

• Require employees to log work time spent on mobile devices. If non-exempt employees are permitted to use mobile devices for work, it is important to require them to record and report all time spent working using the device. For instance, they must be aware that checking work email or performing other work tasks is considered "hours worked". If the regular timekeeping system cannot be used to record after-hours work, employees should be instructed on how to promptly report such hours.
   

• Require approval. Consider requiring non-exempt employees to obtain written permission from their supervisor before using their mobile device for work during off hours. This can help to limit the occurrence of after-hours work. Note: Non-exempt employees must be paid for all hours worked, regardless of whether such time was approved in advance. Violations of the company policy on after-hours work should be addressed as a disciplinary matter without affecting the employee's regular or overtime pay.
   

• Provide general guidelines. It is a good idea to give employees guidance on how they should handle situations in which they receive a call or email from a client, coworker, or supervisor during off hours (e.g., only read or respond in emergency situations).
   

• Require review of time records each pay period. It is a best practice to require non-exempt employees to review and approve their timecards at the end of each pay period and notify their supervisor if there are any mistakes. This provides the employee with an additional opportunity to report after-hours work and can help to ensure that all time spent working is accounted for.

 

Safety:

The use of mobile devices while driving can lead to safety concerns. Many states and local jurisdictions prohibit individuals from operating a motor vehicle while using a handheld mobile device. The Occupational Safety and Health Administration (OSHA) may impose fines for cell phone-related driving accidents during work time. In addition, the use of mobile devices while operating other heavy equipment, such as forklifts or power presses, can lead to workplace injuries.

Tips:

• Prohibit use while driving. A best practice is to prohibit employees from using mobile devices while driving a vehicle or operating heavy equipment, even if your state or local jurisdiction doesn't bar such use.
   

• Provide general guidelines. Provide guidance to employees on how they should handle calls and other work-related tasks while on the road (e.g. using a hands-free device or pulling into a rest area).
   

• Consider technology to prohibit use while driving. Consider software options that prevent the use of mobile devices while a vehicle is moving.

• Require employees to report violations. Require employees to report any traffic violations related to the use of mobile devices and consider making such safety infractions subject to disciplinary action.

 

Information Security:

If employees are allowed to bring their own devices into work and connect to your network, consider information security and steps for minimizing risks, such as computer viruses or a breach of sensitive company data. If you provide devices to employees, also consider the risks if they connect those devices to a home computer, which may not have the security protections of your company's network.

Tips:

• Provide training. All employees should receive training on the importance of keeping company information secure, handling sensitive data, avoiding malicious virus and software downloads, and reporting suspected security breaches. The level of training should correspond with the employee's job responsibilities and access to sensitive data.
   

• Require passwords. Each employee should be required to have unique log-in credentials (username and password) to access company systems and mobile devices that are used for work. Passwords should be at least 10 characters long and have a mix of numbers and letters (uppercase and lowercase) and special characters. In addition, employees should be required to change their passwords regularly (e.g., every 30 to 90 days).
   

• Have security controls for remote access. If employees work remotely, make sure their computers are protected by a firewall and that their access to your internal network is secure. One way to secure remote access is by using a Virtual Private Network, or VPN. Through a VPN, users are able to access resources on remote networks, such as files, printers, databases, or internal websites.

• Use anti-virus software. Install, use and regularly update antivirus and antispyware software on every mobile device and computer.
   

• BYOD considerations. If you have a BYOD policy, an important consideration is how sensitive business data will be protected when the employee leaves your company or the device is lost or stolen. Because the device is owned by the employee, your ability to erase the company data may be limited by federal and state laws unless you first obtain the employee's written authorization. Before implementing a BYOD program, it is a good idea to work with legal counsel to review applicable laws and develop a written policy and authorization form in accordance with these laws.

Conclusion:

If employees are permitted to use mobile devices for work purposes, think about developing a written policy covering company rules and expectations. To help ensure employees are aware of your stance on these issues, require all employees to sign an acknowledgment that they have read and understand the policy. The policy (like all other policies) should be enforced on a consistent basis.