BYOD 101

BYOD is illegal.  BYOD is also legal.

So which is it?

Both.  Every tech acronym’s definition is materially altered by every tech vendor (disclosure: Cisco employee).  I’ve heard BYOD described as a feature, a strategy, a technology, and a problem to solve.  “I’m going to solve BYOD by writing a BYOD strategy and then enabling the BYOD feature on my BYOD server.”


Let’s break down the acronym’s actual meaning.

Bring = Use for doing work

Your = Not paid for by the company

Own = Owned by the employee (or a third party)

Device = Typically smartphones and tablets. It could also include laptops, watches, cars, refrigerators, game consoles, and anything else with a processor, network, screen, and storage.

The things it excludes, by definition, are…

Network (BYON) = 3G/4G/LTE contract, home WiFi expenses, office WiFi access

Apps (BYOA) = Free, employee paid, company paid

Information (BYOI) = The really important stuff that you definitely want to protect, including your sales bookings data and your Camera Roll

This is really a discussion about liability and entitlement — who pays for what.

The California Appellate Court recently ruled that if an employer mandates BYON, they must reimburse an employee for reasonable usage of their smartphone voice/text/data allowance for business purposes.  This isn’t a BYOD problem; it’s an issue about forced BYO network access. I agree with the Court’s opinion. If you need the device to be connected in order to do work, your employer should cover that cost.  BYOD doesn’t necessarily mean BYO network access, BYO apps, or BYO information.  The problem is that some IT shops are blending these things together and calling it BYOD.

Staying compliant means creating and nurturing relationships amongst IT, Legal, InfoSec, and HR. This group then needs to build and publish a Mobility policy.  No, you shouldn’t just write a BYOD policy. You should write a Mobility policy that includes entitlement and security requirements.  This policy should spell out the model you’re using and what’s included and excluded.

The model I’m most familiar with is a combination of BYOD and either CYON or BYON.  You, as an employee, are required to pay for your own device. Depending on your role, the company will either pay your whole bill or won’t pay any of it. The twist is that those Choose Your Own Network plans come with a device subsidy. If you choose the least expensive model, you might even get a free one. If you want the gold one for $399, take out your credit card.

I’ve also seen COPE (corporate owned, personally enabled) models work well. This leaves the liability with the company while allowing some reasonable personal usage (hello Instagram!).

Then there are the Financial Gymnastics approaches — mainly stipends and expense back scenarios. These tend to have tax implications and operating overhead, respectively, although I’ve seen them work as well.

All of these approaches can work for your company as long as you define what your Mobility policy is and you communicate it clearly to your employees.

The interesting question is whether this court ruling can be applied in the reverse. Will an employee be legally required to reimburse an employer for personal usage of a corporate voice/text/data allowance?  Is COPE dead? Is BYOD dying?

Sound off in the comments.