By Rachel Looker
If you use your personal device for work-related business and think your information is safe, the outcome of a 2014 federal lawsuit in Texas may make you reconsider.
Saman Rajaee was hired to provide sales and marketing for Design Tech Homes, a custom builder in Houston, according to court documents.
The job required constant email access — and the company provided him with no smartphone. Rajaee used his personal device to connect to the company’s server.
When Rajaee gave his two weeks’ notice, he was immediately terminated. Days later, his iPhone 4 was wiped remotely and reset to factory settings.
But the U.S. District Court for the Southern District Court of Texas in Houston dismissed Rajaee’s lawsuit — seeking compensation for the loss of contacts, photos and passwords — after Design Tech wiped his personal data from his smartphone.
Though Rajaee told Digital Privacy News that he could not discuss the case in detail, he said he now backed up everything on iCloud.
He still uses his personal device for work, but Rajaee said he was better prepared should this happen again.
“I think that my former employer probably won’t do that to anyone else,” he said. “Because of the suit, most companies now have disclaimers to protect them in case of a mistake or spite move.”
Experts said that employees who used their devices for work faced similar risks of losing the personal information stored on them.
Year of COVID, Shutdowns
With shutdowns from the COVID-19 pandemic about to cross the 365-day threshold, more workers have found themselves working from home — often with a personal computer on one side of the desk and a work machine on the other.
According to a work-from-home study in June by Morning Consult and IBM, 53% of employees said they were using personal laptops or computers for business operations.
“That’s par for the course in this lockdown,” Michael Greenberger, director of the University of Maryland Center for Health and Homeland Security, told Digital Privacy News.
“Most people don’t know what the rights and responsibilities are of the employee or the employer — and the issues never get raised.”Michael Greenberger, University of Maryland.
While it’s easy to mingle your personal devices with work-related networks and platforms, Greenberger said employees who used personal devices to access employer networks were in danger of losing their own data.
Greenberger, also a professor at the Francis King Carey Law School, called it a “worrisome situation” when employees used personal devices on their employer’s network and their data was subjected to being seized.
Employees who are fired or terminated because of lack of funding or when a position is eliminated may soon find that the company has completely wiped their data — including photos, personal emails or texts.
“Most people don’t know what the rights and responsibilities are of the employee or the employer — and the issues never get raised,” Greenberger said.
“But when they do get raised, someone who is using their own communication device on an employer’s network is opening themselves up to having their data wiped out and losing valuable personal information.”
He said laws varied among states, with the majority favoring employers.
“The danger is clear — and the best practice is to use your own device on your own network for personal things and to use the employer’s devices and their networks to do the business, and keep the two separate,” he said.
Many companies now require employees to download certain privacy-invasive platforms or apps on personal devices to fulfill business requirements while working from home.
Refusing to do so, however, jeopardizes relationships with employers and is, effectively, “like not showing up for work,” Greenberger told Digital Privacy News.
“It’s worse than that — because once you get on these networks, there are all these surveillance apps that the employer puts in without the employee even knowing it,” he said.
Privacy Issues for Data
Jay Stanley, senior policy analyst with the ACLU’s Speech, Privacy and Technology Project, told Digital Privacy News that when employers required the installation of certain software, there might be privacy issues for workers’ personal data.
“If somebody is following good privacy practices and has their own computer locked down as much as one can to protect their privacy — and their employer pressures them to install software, that could open up their whole computer to privacy invasion,” he said.
Stanley said employers should provide devices if employees would be required to work from home — and employees should ask for a device if they did not receive one.
The answer to keeping your personal data out of the hands of an employer and preventing a company from causing your phone screen to go blank? Use separate devices, Maryland’s Greenberger said.
“If somebody is following good privacy practices … and their employer pressures them to install software, that could open up their whole computer to privacy invasion.”Jay Stanley, ACLU.
“One for personal business, one for the employer’s business — and that’s the best safeguard against losing your personal data to your employer,” he said.
Greenberger said this area needed state legislative reform to prevent employees from situations where they might lose data.
“My prediction is that, as this plays out, there will be more and more cases,” he told Digital Privacy News.
“Eventually, it will come to the attention of state legislators — and laws will be more protective of the employee who’s using their own devices.”
Rachel Looker is a Washington writer.
- Rajaee v. Design Tech Homes, LTD: RAJAEE v. DESIGN TECH HOMES, LTD., Dist. Court, SD Texas 2014
- IBM Security: WORK FROM HOME STUDY