Presentation on theme: "1 ANGLIA IT COMMUNITY 14 June 2012 Sallie Davies Frances Barker Employment Solicitor Employment Partner Blocks Employment Service www.blockslegal.co.uk."— Presentation transcript:
1 ANGLIA IT COMMUNITY 14 June 2012 Sallie Davies Frances Barker Employment Solicitor Employment Partner Blocks Employment Service www.blockslegal.co.uk
2 The IT revolution Another key business tool – essential to maximising business effectiveness Happened and happening Neutral – but potential for evil and good Inverse pyramid of knowledge The importance of maintaining control – of IT and employee Worth considering: bring your own device
3 Initial legal advice on BYOD* DON’T !!! (* Bring your own danger?)
4 Bring your own device American living, gung ho, wild on the frontier Oh for the days of landline, employee presence and complete control of mind and body Their kit, your work, your time, your information your reputation, your security, your liability…… The decision in principle: a balance of business considerations And if you do want to let them btod: setting boundaries, foreseeing problems, lowering risk
55 Back to the basic exchange The Employment relationship They are paid and allowed to belong The business buys control of them Their time Their concentration Their skills Performance of Company tasks Use of Company kit – and their own for work? Protection of Company reputation
6 What are employees paid for? Employment: an agreement to serve The deal: money and belonging exchanged for work and control. Work to a certain standard. The only reason they are here: their contribution to performance of the Company Managed by you and the rest of management.….…as part of essential business management using / prescribing the IT tools available to ensure that their contribution is as valuable as possible to the business
7 What are managers paid for? The base line is the Company with no staff = no performance You are responsible for managing and/or facilitating the performance of staff The performance you manage = the performance of the business Management/facilitation of performance is a key part of your responsibility as managers: collectively and individually
8 Blurs the work/home divide When is someone ‘at work’ or not ‘at work’ in a virtual world? Your name, perhaps your kit, their control? Your name, perhaps their kit, your control? Working both ways – when should they (and their IT life) be off limits to you? Setting their IT boundaries at work and home Setting your boundaries – at work and looking over their home fence?
9 Some control issues misuse of timemisconduct harassmentdiscrimination stressaddiction bullyingmismanagement competitiondefamation nastinessmoney problems unhappinessimproper relations
10 Effective control Clear boundaries and expectations for all staff in all media (include social media on your/their kit) Make clear the reality of time theft Usual disciplinary principles apply (procedural and substantive reasonableness and no surprises = fair discipline) The relevance of seniority (internal influence, external reputation and the power of example) Use policies and training: to promote knowledge, awareness and openness re all employees - that use IT in connection with work or not
11 To BOYD or not… …to BOYD, that it is the question.... Why are you even considering it? Do the advantages to the business outweigh the disadvantages? Can the disadvantages be overcome by boundaries, rules and monitoring, to tip the balance? He who pays the piper calls the tune, but is it better to own the bagpipes? Is black and white better than grey? Will minimalist byod provisions suit best? If so make sure your IT policies include them.
12 Some plus issues Saving as reduced overhead costs if they buy their own Increased productivity? Flexibility and availability as they will always be with their IT tools at home and their IT tools will be with them at work. Home workers are spared travel time and associated stresses; there is some evidence that the time gained leads to an increase in work output. Giving them choices and control over what suits them and how they do the job increases motivation and goodwill.
13 More plus issues Skills retention. They may choose to stay where they have a choice rather than move to no choice. Team flexibility. Due to availability geography and travel time are less of an impediment and teams of workers can be assembled more easily. Those using own IT tools may be better able to withstand external disruptions such as transport problems, adverse weather conditions and even terrorist threats. Even provision for alternative use of own IT where indicated can form an important part of disaster management planning.
14 But the down side Loss of control of all the areas where we buy control of employees (see slide 5) Diversity of systems may damage team working and culture Communications may suffer and managers will not be able to supervise work or workers to the same degree Who is where and when and why? How will you know? Anyway if using own IT, why be present, why get put of bed? The employer will be reliant to a large degree on trust – and why would you? Time and money cost of preventing/sorting problems
15 BYOD action Consider the proportionate gain/loss and advantages/risks to your business/roles report to management for decision initial consultation to gauge employee’s wishes decide strategy: for or against? if not allowed – check policies reflect this clearly if allowed – put BYOD policy in place
16 The IT Policy tools Action to be seen to be managing and in control Tool to use to consult and inform and promote staff confidence, maintain good will and minimise problems Using IT to define and then monitor your management strategy Gives certainty, fairness and consistency Foresees and pre-empts problems Paper trail of evidence to show that boundaries and expectations are in place, open and clear
17 Clear boundaries at present No device or equipment should be attached to our systems without the prior approval of the IT Department. This includes any USB flash drive, MP3 or similar device, PDA or telephone. It also includes use of the USB port, infra-red connection port or any other port.
18 Clear boundaries at present Staff should not download or install software from external sources without authorisation from the IT in-house gods. This includes software programs, instant messaging programs, screensavers, photos, video clips and music files. Incoming files and data should always be virus-checked by the IT gods….
19 Clear boundaries at present Staff using laptops or wi-fi enabled equipment must be particularly vigilant about its use outside the office and take any precautions required by the IT Department from time to time against importing viruses or compromising the security of the system. The system contains information which is confidential to our business and/or which is subject to data protection legislation. Such information must be treated with extreme care and in accordance with our Data Protection Policy.
20 Clear boundaries at present When a website is visited, devices such as cookies, tags or web beacons may be employed to enable the site owner to identify and monitor visitors. If the website is of a kind described in below, such a marker could be a source of embarrassment to the visitor and us, especially if inappropriate material has been accessed, downloaded, stored or forwarded from the website.
21 Clear boundaries at present In particular, misuse of the e-mail system or inappropriate use of the internet by participating in online gambling or chain letters or by creating, viewing, accessing, transmitting or downloading any of the following material will amount to gross misconduct (this list is not exhaustive): (a) pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature); (b) offensive, obscene, or criminal material or material which is liable to cause embarrassment to us or to our clients; (c) a false and defamatory statement about any person or organisation; …..
22 Clear boundaries at present (d) material which is discriminatory, offensive, derogatory or may cause embarrassment to others; (e) confidential information about us or any of our staff or clients (which you do not have authority to access); (f) any other statement which is likely to create any liability (whether criminal or civil, and whether for you or us); or (g) material in breach of copyright. The incentive/deterrent: Any such action will be treated very seriously and is likely to result in summary dismissal.
23 The base coat: IT policy Need for careful consideration of what balance works for each employee Vehicle for clear www - when, what, where Awareness - manager and staff training Use usual informal and formal discipline structure to reinforce IT use and boundaries If employees work at home or as lone workers on your kit, add a home working/lone workers policy to cover the special considerations
24 The base coat: IT policy Usual Acceptable Use or IT Policy, realistic and for everyone, followed by everyone –An authorisation boundary/framework –Base line for Company kit: use of work time and/or kit is discretionary and may be withdrawn –Then set what usage boundaries suit your business –No use is private and monitoring will happen –Protection of work reputation and time on their kit –Right to disclose content to anyone else –Possible disciplinary/contractor consequences
25 Check usual IT boundaries –Tie in other paperwork e.g. confidential information, equality policy, disciplinary procedures –Forbid nastiness (discrimination safe guard) –Forbid unlawful use –Forbid adult stuff - and games – and shopping - and gambling? –IT security including viruses –Impose duty to report on others –Limits on work relevant private IT at home
26 Then add the BYOD top coat Setting boundaries for own kit used for work at work or home or wherever Key considerations: security of systems and information, performance and privacy Will the home and work kit boundaries be separate or overlap? Remember the www: who, what,when Bear in mind the limits on your control on their kit Consider, consult, adopt and disseminate policy
27 BOYD extras Keeping their kit safe for them Keeping it safe for the business, internal and external security Protection of information Right of access for inspection Accountability to management The private/business use divide If home working – their kit, their place, your right of access?
28 Data Protection and security Who else will have access to the employee's IT and data stored on it? Specific security measures to ensure that members of the household do not have access to data held on the computer. (Most practical is for employer to provide all equipment and to forbid access by others). Do you require/permit employee to encrypt and/or password-protect information? Clearly forbid sharing of passwords Are employees instructed to change their passwords at regular intervals?
29 Data Protection and security Will the employee's IT be left unattended for regular periods? If so, is it within premises that are properly secured? How is information moved between their systems and yours? Given instruction about what data it is appropriate to transfer and how Are there rules on retention of documents, storage and deletion of computerized personal data and other sensitive business information? What measures will need to be taken against accidental loss, destruction or damage?
30 Data Protection and security Have managers and staff been given training and guidance and are regular reminders sent to staff about their obligations to safeguard personal data and confidential information? Train managers re the particular issues with BYOD Preserve so far as possible a climate of openness Respect privacy so far as reasonable Ensure clear monitoring rights are agreed, in place and are used to ensure compliance
31 Action: Open monitoring Necessary for bring your own device – an essential precondition to be accepted To extent that necessary for business purposes, balanced against privacy of employee Key is openness as part of open IT culture Notice via policy, contract, notices Taking action if things are going wrong – always best to pull back/round early, informally Part of routine good management Consistency/neutrality maintains fairness and goodwill and avoids discrimination
32 Summary BYOD action Review and start from where you are Define where you want to be in relation to own device use Move –strategy for development and change Consider existing employee rights to IT use Ensure the right IT paperwork is in place Ensure good IT monitoring systems are in place Explain and inform staff (ongoing for future staff) Ensure all managers are aware and trained Deliver policy review and take indicated action
33 And if things go wrong Absolute head start if paperwork and manager training is in place Importance of employee knowledge/expectation Best if culture maintained, plans followed Early manager action – observation and a chat? Neutrally via group missive? But use disciplinary process if necessary IT criminality – hands off and police in Keep records and other evidence Take advice really early on – IT, HR, Legal
34 Potential liability The joys of vicarious liability, via employees Copyright/licensing breaches Discrimination of all the Equality Act types Harassment and bullying Constructive dismissal Defamation Personal injury from stress Loss of goodwill
35 Further information Good professional advisers – for strategic planning, review of paperwork and advice if problems arise www.emplaw.co.uk/emplaw/experthome/information www.berr.gov.uk/employment - ‘Internet use’ for lots of detailwww.berr.gov.uk/employment ACAS: www.acas.org.uk & help-line 08457 47 47 47 ACAS Equality help-line 08456 00 34 44 PLEASE NOTE: the above has to be general and for discussion only and no specific liability can be accepted by us. We advise that specific legal advice is obtained before action. We would be very pleased to give you, or your HR manager, details and costs of policy preparation, manager training and advice.
36 Thank you for your attention Frances Barker email@example.com dd 01473 343911 Sallie Davies firstname.lastname@example.org dd 01473 343912 email@example.com firstname.lastname@example.org