Magazine Article | July 27, 2012

Opening Pandora's Box — Risk, Liability, And BYOD

Source: Field Technologies Magazine

By Michael Riemer, chief product officer and cofounder, ZoomSafer,

The popularity of BYOD programs requires innovative security and safety initiatives to minimize financial risk.

The surging popularity of BYOD (bring-yourown-device) programs, which allow corporate employees to use their personal mobile devices for business purposes, is changing the risk and liability landscape for corporate America. According to a recent study by Good Technology, nearly 75% of companies now support BYOD programs. While there are pros and cons to BYOD programs, they are here to stay — and so must be managed as part of the enterprise risk and liability landscape.

Have You Considered This BYOD Risk?

BYOD programs, by their very nature, open up a Pandora’s box of security and safety risks. Over the last several years, most corporations have focused on the issues related to data access and security. What companies have failed to recognize,however, is that a likelier and equally risky event is a serious auto crash resulting from employee mobile phone use while driving. This behavior is widespread — a 2010 CareerBuilder report found that over half of employees use smartphones while driving. And employee mobile phone use while driving creates tremendous danger; a 2009 VTTI study found that texting or typing on a phone increases crash risk by 2,300%. More than a decade of case law has firmly established that employers can and will be held liable for employees’ mobile device use, including a recordsetting 2001 case in which a corporate employer was successfully sued for $21 million in damages.

This vicarious liability applies even when the employer doesn’t own the phone — if a crash occurs while an employee is engaged within the scope of work. And that scope is broadly defined. Even in cases where an employee was using a mobile phone while driving outside of normal business hours or en route to a nonbusiness event, courts have held that the theory of vicarious liability applies and allowed claims to move forward. And plaintiffs’ lawyers, always on the lookout for defendants with deep pockets, have utilized the broad definition of scope of employment with stunning success. Any mobile enterprise initiative must therefore take into account the risks stemming from employee mobile device use while driving. Given the difficulty in managing hundreds (or even thousands) of individually owned phones, it’s imperative that companies considering BYOD programs for their employees work to actively manage these risks — if you don’t, your company could face potentially ruinous financial and legal consequences.

The risks associated with employee mobile phone use while driving are magnified for companies that own and operate commercial fleets or that regularly equip employees with the keys to company vehicles. In such cases, BYOD programs might further blur the line between employer liability and individual liability in the event of a crash caused by employee mobile device use while driving.

Mobile Security Isn’t Just About Data Integrity

The costs and risks associated with distracted driving are very comparable to purported data losses or exposures via mobile devices. A recent Ponemon Institute study showed that data breach costs range from $750,000 to $31 million and that mobile devices are one of the leading causes of such loss. The frequency of these data breaches, however, is still a point of debate, given the recognized underreporting of such incidents to stave off negative brand and company impacts. Transportation-related incidents are increasingly being settled out of court and off the broader radar screen for similar reasons. Whether it’s data security or distracted driving, companies don’t want their names associated with negligent employee mobile device use.

The bottom line is that companies must ensure that policies and programs are in place for both the security and safety associated with the use of these mobile devices within the scope of work. Otherwise, encouraging BYOD programs will create risk, liability, and expense rather than saving companies money.