• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

The 'bring your own device to work' challenge

According to a report by YouGov,  65% of companies currently allow employees to bring their own devices to work but only a quarter said that their organisation has a formal ‘bring your own device’ (BYOD) policy in place. It can be challenging to match what occurs in practice with an underlying policy, but the current disconnect can raise significant issues for employers. We’ve outlined some of the key issues and ways to deal with them below:

  1. Who owns the device?

A personal device used by an employee for work purposes is still owned by the employee and not the business. This inevitably means less control for an employer over a personal device than it would have over its own property. A company nevertheless has to remain in control of data for which it is responsible, notwithstanding the fact that the device is owned by the employee, so any BYOD policy should state that the contents of an employer’s system and any company data remain the property of the company, regardless of who owns the personal device.

  1. How can your business ensure compliance with data protection legislation?

As mentioned above, although a personal device is owned by an employee, the company will still be considered the data controller of personal data belonging to the company which is held on the device pursuant to the Data Protection Act 1998 (the ‘DPA’)). Therefore any company operating a BYOD policy will need to ensure that all processing of personal data on its employees’ personal devices for business purposes remains in compliance with the DPA. The key to ensuring this is to put in place appropriate security measures to prevent personal data from being accidentally or deliberately compromised. The Information Commissioner’s Office has provided some guidance to UK employers to ensure that their BYOD policies comply with the DPA, including recommended security measures. We have listed some recommended security measures below.

  1. What are appropriate security measures?

Even though an employee’s personal device is not owned by the business, an employer will nevertheless want to protect confidential company data stored on that device and to ensure that any processing of data complies with the DPA. A BYOD policy can be a helpful way to do this by putting in place appropriate security measures such as:

  • pre-approval of a personal device and ability to withdrawal such permission;
  • a list of appropriate uses;
  • a restriction on what types of data can be stored on personal devices;
  • a requirement to install specific anti-virus or anti-malware software;
  • a requirement to use a strong password (and guidance on appropriate passwords);
  • a prohibition on the use of the device by anyone not pre-approved by the employer, including friends and family;
  • stating that disciplinary action will be taken if the BYOD policy isn’t complied with;
  • a prohibition on backing up a device to cloud based storage;
  • a requirement to encrypt data;
  • a requirement to implement automatic deletion of data or automatic locking of a personal device if its password is incorrectly entered too many times or it remains inactive for a certain period of time;
  • a prohibition on the installation of unapproved apps; and
  • a right for the employer to remotely wipe the device.

Remote wiping of personal devices

Remote wiping of personal devices is likely to be the security measure that causes the most friction with employees because of the risk that their personal data will also be deleted.  However, it can be the most powerful tool at a company’s disposal in the event of loss or theft, for departing employees or in cases of suspected breaches of security or confidentiality. In order to make this kind of measure more palatable for to employees, we recommend that a BYOD policy includes an explanation that the company does not intend to, and will use reasonable efforts not to, wipe data that is strictly personal in nature. That said, employees should be made aware that an employer may not be able to distinguish between company and personal data in all circumstances.

  1. How can you monitor the use of personal devices?

Given the increased security risks that the use of a personal device brings, most employers will want the right to monitor how employees are using their personal devices. It is not possible for a company to have an unlimited right to monitor any and all activity on a personal device, however a BYOD policy can include a right to monitor activity to the extent permitted by law and for legitimate business purposes. A BYOD policy should manage employees’ expectations of privacy when they use their personal devices for work purposes and make the employer’s reasons for monitoring clear, e.g. to protect company data and to prevent misuse of the device.

  1. What about loss and theft?

One of the main risks an employer takes by allowing its employees to bring their own device to work is that the device, along with confidential company information, is lost or stolen during the employee’s personal time. A BYOD policy should include, as a minimum, reporting procedures in the event of loss or theft and preferably a requirement for location tracking and a right for the business to remotely wipe the device (for more on this see above).

  1. Who bears the cost?

This is entirely up to the company. A BYOD policy can state that the company will bear no costs at all, only bear the cost of a certain ‘shopping list’ of items (e.g. technical and repair costs), all costs connected to business use or even a fixed monthly contribution for use of the device. The key here is that without a formal policy, the level of contribution can be disputed by employees.

  1. What if an employee doesn’t like the policy?

Given that certain elements of BYOD policies are likely to be controversial (such as remote wiping) we recommend that no BYOD policy is stated to be mandatory, rather employees should be given a choice whether or not to use their own devices and, if they choose to do so, make any such use conditional upon their agreement to a BYOD policy.

So is it worth the hassle?

Despite the risks outlined above, allowing employees to bring their own device to work can bring a number of benefits. Employers are under increasing pressure to keep up with technological advances and allowing employees to use their own state of the art devices is a good way to keep up with the latest trends. Allowing employees to use their own devices can not only improve morale and job satisfaction but can also increase flexibility and productivity in the workplace and reduce overheads when employees invest in their own devices.

If a BYOD policy is too restrictive, it is likely to discourage employees from using their own devices and prevent businesses from reaping the benefits that a well worded BYOD policy can bring. The challenge employers face is to introduce a BYOD policy which strikes the right balance between flexibility for its employees and protecting its business interests.

For further information, please contact Anna Byford or Kathryn Dooks.