Employees are increasingly using their personal smartphones for work purposes. But when employees depart, those phones may contain a wealth of confidential company data. What to do?
In one case, the employer decided to wipe clean the phone back to its factory settings—and the court supported the company’s actions. That’s good news for IT departments, which face an ongoing battle of protecting company information.
Recent case: Saman worked in sales for a construction company, using his personal iPhone to conduct business during the day. The device could access company computers and the email system. When Saman gave two weeks’ notice, he was terminated. A few days later, the company remotely wiped clean the phone to its factory settings.
Saman sued, alleging violations of the Electronics Communication Privacy Act (ECPA). He argued the phone was his personal device and company’s action erased his photos, contacts and other valuable information.
The court dismissed his lawsuit, saying the information stored on a smartphone isn’t covered by the ECPA. The law is designed to punish hackers who break into computer servers. It doesn’t prohibit deleting cellphone information, even if that phone wasn’t company property. (Rajaee v. Design Tech Homes, No. H-13-2517, SD TX, 2014)
Final note: This is a rapidly developing area of the law. A safer bet is to provide phones to employees and take them back at termination.