Skip to content

Managing Staff Using Personal Mobile Phones at Work in the UK 

Table of Contents

Managing how staff use their personal mobile phones or other electronic devices at work can be challenging. Given the widespread availability of mobile phones, there is a natural overlap between performing work on work devices and personal smartphones. If your staff use their mobile phone in the workplace, there are issues around data protection rules which you must understand. This article will explore ways to manage staff using their personal mobile phones and other electronic devices at work and relevant data protection laws to note. 

Personal Mobile Phones in the Workplace

Personal mobile phones are becoming common in the workplace for two main reasons:

  • people can use their personal devices to access work emails; and
  • the increase in home working has blurred the lines between work devices and personal devices.

For example, it is now more common for individuals to log into work networks from personal mobile phones or laptops. However, while many of your employees may have a work laptop, they may not have a work mobile phone. 

Employees’ Use of Personal Mobiles

Although employees accessing work-related emails and information on personal devices can provide flexibility for your business, it can cause issues in several ways, including:

(a) blurring work information from personal information;

(b) being able to access, store and process confidential information; and

(c) security risks on personal devices if they do not have adequate antivirus protection.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Separating Work Information From Personal Information

Your company must secure and protect all data it processes or retains, but it is still important to separate work information from personal information. This avoids complications when asking your employee to delete work-related information, particularly when they leave your business.

For example, suppose an employee is due to leave your company in two weeks and has used their mobile phone to contact key clients during their employment. An issue can arise regarding who owns the contacts list in your employee’s digital address book. If the information is on a work mobile phone, you can easily argue that the phone, including the contact list, is the property of your business. However, the lines become blurred when the data is on their personal mobile phone.

Front page of publication
UK Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now

Security Risks When Employees Use Their Mobiles

The Information Commissioner’s Office (ICO), the legal body that regulates data protection, warns of the consequences of employees using less secure devices.

Some individuals do not use passwords on their phones, and some tend to send sensitive information insecurely. In comparison, most work devices have in-built anti-virus software and restrictions that limit sensitive information transmission.

There is also an increased risk of theft or accidental loss of a mobile phone compared to a work laptop. This can jeopardise your business’ private data and any confidential information that your employee had stored on their personal device. Additionally, if their device is stolen, it may be difficult to identify who may have gained access to the information.

Also, a cross-border transfer of data can occur if your employee goes on holiday with their mobile phone. This would put your company’s data in another country and potentially breach data protection rules like those in the GDPR.

ControllingData

As a UK employer, you are responsible for taking appropriate steps to safeguard against business data loss. 

You may consider conducting a ‘data audit’, which involves finding out the following:

(a) which devices employees use;

(b) what data exists on those devices;

(c) whether others have access to those devices;

(d) how access to company data occurs on those devices; and

(e) the risks of data being leaked or stolen, such as device loss.

You could also create a Bring Your Own Devices (BYOD) policy for your workplace, which will set out what is and is not considered acceptable use. A BYOD policy should also:

  • detail what staff should do if a personal mobile device used for work purposes is lost or stolen; and 
  • set out rules for what happens to company information on personal devices when a staff member leaves your business.

Key Takeaways

If your staff use their mobile devices for work purposes, you will need to understand the risks and relevant data protection rules that apply. For example, there are greater security risks when individuals access work information on their personal phones and do not have adequate anti-virus software. A fundamental way to manage personal device usage is through a Bring Your Own Device (BYOD) policy. This policy might detail how your business owns work-related information, even if your employee stores it on their personal phone. Likewise, your policy might specify the rules for when an employee leaves your business and the process for obtaining information from their personal devices.

If you need help with data protection rules, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

What are the risks if my employees use their personal devices for work purposes?

When employees use personal devices for work purposes, there are increased risks of data protection and security breaches for your business.

How can I mitigate the risks associated with staff using a personal device for work purposes?

To mitigate the risks of staff using a personal device for work purposes, you could, for example, conduct a data audit at work.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards