Legal and privacy concerns of BYOD adoption

Bring your own device (BYOD) is the use of employees’ privately owned devices for work purposes, such as to access corporate applications like email and databases, or to create, store, and manage corporate data. Through BYOD, employees can have the availability, flexibility, and mobility that allows them to work from home, on the move, or outside of the traditional 9-to-5 office work hours. Especially since the COVID-19 pandemic, which requires staff to increasingly work from home, this phenomenon has gained substantial importance.

However, as employees can use their own devices and choose to use their own software in addition to or instead of enterprise IT, BYOD brings potential security risks for companies, such as the loss of devices that contain sensitive corporate data, data contamination through malware intrusion, data theft, or loss of control over corporate networks. To mitigate these risks, companies implement mobile device management (MDM) solutions to secure, monitor, manage, and support BYOD. The downside is that these security measures can in turn cause privacy concerns among employees as their personal data, namely emails, photos, locations, and applications on their own devices, could be exposed to the employer.

Research has identified multiple sources of privacy concerns, including privacy experiences, privacy awareness, personality differences, demographic differences, culture, and climate, though has underrated the role of legal concerns. Addressing this gap, this study examines how legal concerns affect employees’ privacy calculus of BYOD benefits and risks, and how these benefits and risks influence their attitude and intention to use their own mobile devices for work.

Method and sample

A survey was conducted with participants from the US, Germany, and South Korea, which were chosen as typical examples of countries with high BYOD adoption and share of mobile phone users. Screening questions were used to ensure participants were employed and have privately owned a mobile device. In total, the sample included 542 participants, with 210 from the US, 178 from Germany, and 154 from South Korea. The following survey questions examined the different constructs using scales adapted from prior research.

Key findings

1. In general, legal concerns were found to be significantly influencing employees’ perception of BYOD risks, but have no significant impact on BYOD benefits. BYOD risks and benefits both significantly influence employees’ attitude toward BYOD, which then influences their BYOD intention.
2. In terms of national difference, South Korea has the largest impact of legal concerns on BYOD risks.
3. However, perceived risks of Korean employees do not significantly influence their BYOD attitude, whereas in individualist cultures such as the US, BYOD risks significantly impact BYOD attitudes. This could be due to the highly collectivist culture in Korea that makes people less risk averse as they can rely on their collective network support.
4. While BYOD benefits outweigh risks in all three countries, the discrepancy of the privacy calculus is larger in Germany and South Korea compared to the United States.
5. Employees from Germany, as a small power distance culture, has the highest impact of BYOD attitude on BYOD intention, followed by those from the US. Lastly, South Korea, which is a culture with a large power distance, sees the least influence on employees’ intention, which could be explained by how the country’s large power distance makes managers generally rely on superiors and on formal rules, and subordinates expect to be told what to do.

Recommendations

Apart from national cultures, organisational cultures and practices can play a role in shaping or alleviating employees’ concerns, for example, regarding organisational surveillance of private information. Organisations with more flexibility would better fit the objectives of BYOD and thus gives employees fewer restrictions and empowerment. Moreover, employees’ concerns can be reduced by setting clear agreements that are transparent and meet their expectations.

It is also important for employers to understand differences of BYOD adoption between different employee genders, ages, industries, and education levels. This can help companies develop appropriate policies that address employees’ legal and privacy concerns of BYOD adoption.

Finally, companies must respond to employees’ privacy concerns to comply with government regulations and regulatory compliances, such as the PIPA, GDPR, and CCPA to avoid any legal complications through the implementation of BYOD.

Researcher

• Dr Kenan Degirmenci
  

  kenan.​degirmenci

More information

The research article is also available on eprints.