Social Media and Personal Devices

Model Bring Your Own Device Policy

Function

Effective Date

Pages

Revision Date

Global Compliance

[Effective Date]

5

[Revision Date]

Scope

This policy applies to [COMPANY NAME] and its subsidiaries (collectively, “[COMPANY NAME]” or the “Company”) and the directors, officers, and employees of such entities as well as those acting for or on behalf of such entities (collectively, “Covered Persons”).

Purpose

This policy establishes Company guidelines for employee use of personally owned electronic devices for work-related purposes.

Definitions

The term Personal Electronic Devices (PEDs) includes all personally owned cellphones, smartphones, tablets, laptops, and computers.

Policy

Device protocols

To ensure the security of Company information, Covered Persons who wish to use PEDs must receive prior approval from the Company to do so and are required to have anti-virus and mobile device management (MDM) software installed on their PEDs. This MDM software will store all company-related information, including calendars, emails, and other applications in one area that is password protected and secure. Company’s IT department must install this software prior to Covered Person using the personal device for work purposes.

Covered Persons may store Company-related information only in this area. Covered Persons may not use cloud-based apps or backup that allows Company-related data to be transferred to unsecure parties. Due to security issues, PEDs may not be synchronized with other devices in Covered Persons’ homes. Making any modifications to the device hardware or software beyond authorized and routine installation updates is prohibited unless approved by IT. Covered Persons may not use unsecure internet sites and must maintain the latest operating system updates on their PEDs. All PEDs must be password protected at all times.

All Covered Persons must use a preset ringtone and alert for Company-related messages and calls. PEDs should be turned off or set to silent or vibrate mode during meetings and conferences and in other locations where incoming calls may disrupt normal workflow.

Restrictions on Authorized Use

Covered Persons whose PEDs have camera, video, or recording capability are restricted from using those functions anywhere on Company property or to record other Covered Persons at any time unless authorized to do so in advance by the Company.

While working, Covered Persons are expected to exercise the same discretion in using their PEDs as is expected for the use of Company devices. Company policies pertaining to harassment, discrimination, retaliation, trade secrets, confidential information, and ethics apply to the use of PEDs for work-related activities.

While occasional use of devices for nonwork-related purposes during the workday is allowed, excessive personal calls, emails, or text messaging during the workday, regardless of the device used, can interfere with productivity and be distracting to others. Covered Persons should handle time-consuming personal matters on nonwork time. Exceptions may be made for emergency situations and as approved in advance by management. Managers reserve the right to request the cellphone bills and use reports for calls and messaging made by Covered Persons during working hours to determine if use is excessive.

Nonexempt Covered Persons may not use their PEDs for work purposes outside of their normal work schedule without written authorization in advance from management. This includes reviewing, sending, and responding to emails or text messages, responding to phone calls, or making phone calls.

Covered Persons may not use their PEDs for work purposes during periods of unpaid leave without prior authorization from management. Company reserves the right to deactivate the Company’s application and access on the Covered Person’s personal device during periods of unpaid leave.

A Covered Person may not store information from or related to former employment on the Company’s application.

Privacy/Company Access

Covered Persons using their PED should not expect any privacy except that which is specifically provided by law. Company has the right, at any time, to monitor and preserve any communications that use the Company’s networks in any way, including data, voicemail, telephone logs, internet use, and network traffic, to determine proper use. Family and friends should not use personal devices that are used for Company purposes.

Company reserves the right to review or retain personal and Company-related data on PEDs or to release the data to government agencies or third parties during an investigation or litigation. Company may review the activity and analyze use patterns and may choose to publicize this data to ensure that Company’s resources in these areas are being used according to this policy. Furthermore, no Covered Person may knowingly disable any network software or system identified as a monitoring tool.

Company Stipend

Covered Persons authorized to use PEDs under this Policy will receive an agreed-on monthly stipend based on their position with the Company and the estimated use of the device. If a Covered Person obtains or currently has a plan that exceeds the monthly stipend, Company is not liable for the difference in cost.

Safety

Covered Persons are expected to follow applicable local, state, and federal laws and regulations regarding the use of electronic devices at all times, including, but not limited to, use of electronic devices while driving.

Covered Persons whose job responsibilities include regular or occasional driving are required to refrain from using their PEDs while driving. Regardless of the circumstances, including slow or stopped traffic, Covered Persons are required to pull off to the side of the road and safely stop the vehicle before placing or accepting a call or texting. Special care should be taken in situations involving traffic, inclement weather, or unfamiliar areas.

Covered Persons who are charged with traffic violations resulting from the use of their PEDs while driving will be solely responsible for all liabilities that result from such actions. Covered Persons who work in hazardous areas must refrain from using PEDs while in those areas, as such use can potentially be a major safety hazard.

Lost, Stolen, Hacked, or Damaged Equipment

Covered Persons are expected to protect their PEDs used for work-related purposes from loss, damage, or theft.

In an effort to secure sensitive company data, Covered Persons are required to have “remote-wipe” software installed on their PEDs by the IT department prior to using the devices for work purposes. This software allows the Company-related data to be erased remotely in the event the device is lost or stolen. Wiping Company data may affect other applications and data. Company specifically reserves the right to erase all data on a PED using remote-wipe software when needed to protect its own information from being improperly disclosed or in the event of a security incident involving the PED.

Company will not be responsible for loss or damage of personal applications or personal data resulting from the use of Company applications or the wiping of Company information. Covered Persons must immediately notify management in the event their PED is lost, stolen, or damaged. If IT is unable to repair the device, the Covered Person will be responsible for the full cost of replacement.

Covered Persons may be subject to disciplinary action up to and including termination of employment for willfully causing damage to PEDs.

Termination of Employment

Upon resignation or termination of employment, or at any time on request, the Covered Person may be asked to produce the PED for inspection. All Company data on PEDs will be removed by IT upon termination of employment.

Violations of Policy

Covered Persons who have not received authorization in writing from Company management and who have not provided written consent will not be permitted to use PEDs for work purposes. Failure to follow Company policies and procedures may result in disciplinary action up to and including termination of employment.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings