Privacy Advisor

BRAZIL--BYOD Trend On the Rise, Rules Should Be Clarified

June 18, 2013

By Renato Opice Blum

The time has gone when access to cutting-edge technology was limited to individuals working in enterprise environments. Today, information is freely available about the quality, robustness and efficiency of products, which enables ordinary users to receive and track news of what the domestic or international electronics market has to offer.

On the other hand, many companies still operate more traditional forms of supply acquisition, with all the usual bureaucracy and delays. This, combined with volatile budget policies, leads to a tendency for a decrease in the pace of technological modernization in the workplace.

Thus, an increasing reality present in Brazil is that, often, employees prefer to use their own devices—more modern and versatile—to conduct their activities than to use those offered by their employer. In this context, managers, rather than banning or ignoring this, may choose to cautiously take advantage of the model, known as BYOD, bring-your-own-device.

As with many other day-to-day facts of life, this partnership between worker and employer can be productive. However, the following precautions should be considered and adhered to.

Firstly, with regard to the risks involved and to the terms of Article 2 of the CLT, the company must define which activities may be carried out on the private equipment of their employees. Equally, the employee should understand the necessity to use original software, tools and adequate security configurations, as failure to do so would leave the company infrastructure vulnerable.

In fact, it is essential that each party understands from the outset their own responsibilities. An issue of some considerable controversy revolves around the issue of interference, by employers, into the equipment of employees and the monitoring of such equipment.

It is important to note that, at present, there are no firm precedents regarding the legality of monitoring employees’ own equipment, especially as it may contain their own private content, the manipulation of which could prove highly problematic.

Thus, where a company recognises, for its security, that personal equipment with access to its systems should be verified, it must be recognized that there is no legal provision or consolidated jurisprudential position on the point and that, as such, it is essential that the employer expressly negotiates, clarifies and formalizes this situation with its employees.

An essential step for the protection of all parties involved is to formalize in a specific document the settings and conditions that must be applied if any technological equipment is used.

Moreover, during this process, standards and minimum configurations can be set to grant access to the systems, whilst also demanding periodic verification that the employee is continuing to meet these requirements.

It is also important that rules be clarified regarding the working hours of the employee prior to the adoption of the BYOD model. It is a good idea to set timetables and to limit the availability of the worker through their devices, as the use of such private property should not necessarily be considered as overtime or being on duty.

Finally, to summarize, the principles governing this new facet of the employment relationship may be those that, not contrary to the law, create interesting situations for the parties, demonstrating the free and conscious choice of each to assume the risks of the proposal whilst avoiding the potential for future trouble. Anyhow, the equilibrium of work relationships, whatever the case, should always be preserved as we can have little doubt as to which side the law is most likely to favor.

Prof. Renato Opice Blum, attorney, economist and president of the IT Advisory Board of Fecomercio, received an MBA on Electronic Law Coordinator at Sao Paulo Law School and in the First Digital Law course of FGV/GVLaw in 2011. Blum is a professor at USP and Mackenzie; member of Octopus Cybercrime Community connected with Council of Europe; president of the Council of Security and Information Technology at Commerce Federation of São Paulo and of the American Chamber of Commerce Technology Law Committee; advisor for the Brazilian Bar High Technology Crimes Committee, and invited professor at multiple international programs. Blum is co-author of the “Manual of Electronic Law and Internet” and "Electronic Law: Internet and Courts."

Read More by Renato Opice Blum:
Brazil's New Law Is Not Tough Enough To Fight Electronic Crimes