Bring Your Own Device (BYOD) Policy & Guidance Notes 1.0.0

Not Legal Advice. SMBiT Professionals' template legal terms and any guidance given regarding those terms (template materials) are not intended to and do not constitute legal advice and no lawyer-client relationship is intended or formed.  Template materials are a non-mandatory reference resource only.  The accuracy, completeness, adequacy or currency of the template materials is not warranted or guaranteed. Use of template materials is at the user's own risk.  In all cases, the user should rely exclusively on its own independent judgement and any independent professional advice regarding the use of template materials obtained by user regarding the template materials.  Use of template materials by a non-current SMBiT Professional is not licensed.

Warning about BYOD-related laws

The template BYOD Policy does not purport to be compliant with all might be relevant.   It should be used as a reference guide only.  There are many Australian laws to be considered when tailoring a BYOD policy to any particular circumstances.  Some key ones (there are others) are:

-          surveillance laws, generally:  There are Australian State laws concerning listening, optical surveillance and geographic tracking.  Many devices, such as smartphones, can be used for surveillance which is regulated under these laws.  Consent, as provided in the template BYOD policy, may be permit otherwise impermissible surveillance under such laws, but this should be true consent in the sense of it being knowingly given, with choice for alternatives and with knowledge of the consequences.  A mere signed consent form may not amount to actual consent in some circumstances;

-          specific employee surveillance laws:  Some Australian State laws have specific employee surveillance Acts.  The comments, above, concerning consent are equally applicable;

-          general workplace laws:  Some State laws bring employee surveillance within the purview of industrial relations regulation.    More generally, there is an issue about how a BYOD policy aligns with other applicable employer policies and employment terms.  The BYOD policy template may not to be contractually binding.  Consideration should be given to adapting BYOD policy template in these respects;

-          health records laws:  Where a principal might access an individual's health-related information on a permitted device, health records laws concerning permissible collections, uses, disclosures and record retention may apply;

-          privacy laws: In addition to the Commonwealth legislation (e.g., the Privacy Act 1988), State privacy laws may apply to constrain access to an individual’s device and the access seeker’s management of information which might be accessed from that device.  The coverage of the Privacy Act 1988 (Cth) and State privacy laws is not the same.  For example, they operate differently as regards the personal information of employees and personal information collected by those falling within a "small business" exception.