Consumerization of information technology (IT) is my newfound place. This essentially means making use of the company's communicating mobile IT equipment (smartphone, digital tablet, etc.) within the framework of the employee's professional activity. (USB key, external hard drive).
The rise of these new company tools has led to employees using their personal equipment on a professional basis. This development offers a more efficient work ethic than that provided by the company.
With these developments, new terms have emerged. Many economic models coexist today, such as BYOD (Bring Your Own Device), a recently French terminological equivalent: AVEC, COPE (Corporate Owned, Personally Activated) or CYOD (Choose Your Own Device).
The main difference between these models is based on the ownership of the equipment attributed to the company or employee and its consequences for the employer.
However, the easy accessibility of company data, if it has productivity advantages, can also present a security risk associated with the portability of the company's information assets. On the other hand, it can lead to a social risk associated with company data.
Legal and technical measures should be taken in terms of safety, surveillance and protection to limit the risks associated with using nomadic equipment within the company.
Securing IT Resources
The company must reconcile computer rules with the practice of nomadism to ensure the portability of information assets (strategic, technical, commercial and even organizational data) while at the same time fulfilling certain obligations (such as the security of personal data).
The confidentiality of their information gives the company a competitive advantage that must be protected. Therefore, it is necessary to isolate professional data from personal data.
In mobile devices, it is necessary to take technical measures to isolate the relevant operating systems and control access to the company network.
The company must also be able to recover professional data stored on personal equipment used by the employee. It was recently decided that the employer cannot access the content of personal data in the absence of an employee or without being duly informed.
However, the employer can access a non-personally identified mobile device even without the employee's presence if connected to the professional computer.
In order to avoid any difficulties, it is recommended to seek the help of a legal professional if in doubt about the conditions of access to an employee's personal equipment.
Law and Human Resources
To company resources, hyperlinking may be accompanied by the employer's loss of control over working time. In case of non-compliance with the maximum working hours, the company is penalized. It is also subject to labor court cases.
Specifically, the employee may formulate individual requests for overtime calls based on emails or work carried out outside the time allotted for work.
In order to protect the company from any difficulties, it must at the very least sign a contract that, to be valid, can guarantee the observance of the maximum daily and weekly working and rest periods. It is recommended to provide daily leave, which should be the subject of a collective agreement.
Team managers should be made aware of the issues related to the use of portable equipment and the risks posed to the company.
Training the management staff; After consultation with the works council and the health, safety and working conditions committee, it is essential to draw up a code of good conduct that must be adopted.
Recommendations for computer use in business life
- Choose the economic model based on the company's specific needs and IT uses.
- Limit equipment fleet and define a target environment with strict access policy for specific functions and users.
- Secure mobile equipment and maintain control of the company's information assets.
- Control the use of portable equipment by embodying the employee's consent and adopting a code of good behavior.
Rights and Information Resources
The company has a legal arsenal to protect its information and strategic assets against any theft or fraudulent disclosure to third parties. In particular, the company may act by resorting to infringement of trade secret on the basis of intellectual property.
Criminal law is used by alleging a breach of professional secrecy, breach of trust, fraudulent intrusion and maintenance in an automated data processing system, or breach of obligations regarding the protection of personal data.
It is based on the law of liability on the basis of labor law, applying the procedure for dismissal for serious misconduct.