Diagrama de caso de Usos

In addition to the risks to company information when employees depart, companies should also focus on the risks of workers who join their organization and may bring with them confidential or trade secret data from their prior employment. This problem is especially acute in the case of contingent workers, who, due to their itinerant nature, may pass through any number of companies in a short period of time or may work for more than one company simultaneously. If a contingent worker’s former employer also had a BYOD policy, the new company should take steps to prevent lawsuits by the former employer by ensuring that the contingent worker’s former employer’s confidential or trade secret information does not find its way into the new company’s systems through the worker’s dual-use device or other storage media.

1. General considerations

The kinds of contingent workers that present special issues in the BYOD context are principally independent contractors and temporary employees assigned by staffing firms. However, for purposes of BYOD issues, it also makes sense to consider as part of the contingent workforce any retained outside consultants from established firms who, unlike temporary employees and individual contractors, are not supervised by internal staff but who nevertheless work on a company’s premises with generous access to company information and computing resources.

A common practice that is similar to the outside consultant arrangement is the on-site supervisor placed by a staffing firm to manage the relationship with the hiring company and a large number of temporary employees assigned to a site (usually 50 or more). Companies frequently provide such on-site coordinators the same office space, integrated communications, and other tools they provide to employees, but in many situations, this access is provided without the usual protections offered by company policies or employee contracts.

Although Professional Employer Organizations (PEOs) are usually grouped with staffing firms, the workers that they payroll and administer for their customers are not independent or transient and are therefore not really contingent in the way we mean it in this Report. Workers provided through a PEO are regarded as the customers’ own main workforce, and PEOs typically manage each customer’s entire workforce, so the BYOD issues with PEO situations are the same as with companies’ direct workforces. Even so, the company should coordinate with its PEO to ensure that, between the two employer firms, a complete and consistent BYOD policy is promulgated to the workforce.

A company’s rights and protections with regard to BYOD issues in the contingent workforce depend principally on the language of their contracts with the independent contractors or with the staffing firms and consulting organizations that place them. Regrettably, many of these contracts will be documented on the vendor’s form agreements, which tend to omit many of the protections a company may need and which disclaim or severely limit the vendor’s liability. A further problem is that the employment agreements or other contracts, if any, that the vendors have with the individuals they assign may not fully position the vendors to support a company’s rights vis-à-vis the contingent workers.

Consequently, attention should be paid to both levels of contracts. Companies are also well advised to manage this issue by creating agreements with the individual contingent workers to address these gaps.

2. Individual onboarding considerations

Most companies have elaborate processes for requiring their new employees to sign employment agreements and other documents that set up rules, obligations, and protections for the company. But contingent workers typically do not go through this process. They are often brought in directly by operating units concerned only with their immediate operational needs, without the involvement or even the knowledge of Human Resources, the legal department, or other gatekeepers, thereby bypassing established HR processes that deal with:

• Preservation of the company’s intellectual property. • Return of company property.

• Management of passwords and user IDs in company systems and compliance with the company’s broader information protection policies and procedures.

• Protection of confidential information and trade secret information. • Adherence to ethical and behavioral codes.

• Disclaimers of entitlement to company benefit plans and fringe benefit policies, including those affecting computers and communications devices.

• Regulation of use of company IT systems.

Ironically, this risk even extends to staffing agencies with respect to their own risks as operating companies. They may lack protective documentation when they draft members of their own temporary employee population to perform jobs in their internal staffing operations. This is the so-called “in-house temporary” phenomenon.

Contingent workers who use dual-use devices also create another, perhaps even greater, risk for companies. They may be simultaneously working for other companies and will most certainly work for other businesses when their current engagements end. Thus, procedures to ensure that data are removed from the devices of these contingent workers before their engagements end are critical.

IV. BEHAVIOR-RELATED CHALLENGES OF BYOD