Company Laptop Policy | Use of Company Laptops - Legal Issues

Posted in : Supplementary Articles ROI on 27 February 2009
Gillian Dully
LK Shields

Use of Company Laptops - recent case demonstrates the importance of having a written company laptop policy.

It is not uncommon for employers to provide their employees with laptops.  Whilst there are clear benefits in providing such a tool to employees in terms of flexibility and productivity there may be legal risks from an employer’s perspective.  Such risks need to be assessed and then managed appropriately to avoid potential liability.

Employer Liability

Misuse of company property, including a company laptop, could result in an employer being held liable for the acts of an employee where such acts were carried out during the course of employment. Even if an employer is able to establish that it is not vicariously liable for its employee’s activities, significant cost and time can be incurred in dealing with the relevant issues.  Furthermore, the employer could face damage to its reputation or public embarrassment if its systems or security are compromised.  

Depending on the circumstances, an employer could find itself the subject of a criminal investigation or open to a potential claim on various grounds including the following:

  • Defamation
  • Copyright Infringement
  • Data Protection
  • Discrimination
  • Harassment

Written Policy

It is important that employers have a clear written policy governing the use of company laptops.  The policy should at a minimum:
  • State that a laptop is to be used solely for business purposes;
  • Prohibit private use of a laptop;
  • Outline the potential risks involved in using a laptop including the risks associated with a breach of security;
  • Outline security requirements, for example, any requirement to password protect documents; and
  • Set out the consequences for breaching the policy

An employer should consider whether it is appropriate to link this policy with its data protection policy.  For example, a laptop may contain sensitive company or customer information and if the laptop is removed from company premises security could be compromised.  A breach of security may result in the need to inform the office of the Data Protection Commissioner.  

The laptop usage policy should be consistent with the employer’s existing grievance/disciplinary procedures and should be made available so that all employees and management in the organisation are aware of the policy.  Furthermore, the policy should be reviewed regularly and updated where appropriate.

In a recent case (UD4/2008) the Employment Appeals Tribunal determined that there were substantial grounds for the dismissal of an employee who used her company laptop for non-work related purposes but denied any wrongdoing at the outset.  The Tribunal was influenced by the fact that the employee was given every opportunity to deal with the issues raised by her employer and that the employer adhered to the correct procedures.  The employer gave the employee an opportunity to remove the personal data from the laptop, informed her it would be carrying out an investigation into the matter, gave the employee the opportunity to obtain advice and held a number of meetings with the employee and her representative.  Accordingly, this case illustrates that it is important for an employer to not only have a policy governing the use of laptops but also to follow fair procedures in circumstances of a suspected breach of such policy.

Monitoring Laptop Usage

Employers may have a legitimate business need to monitor the usage of company laptops by its employees.  However, an employer must be mindful of an employee’s constitutional right to privacy and relevant data protection legislation.  Where an employer introduces a policy with regard to monitoring laptop usage, the right and extent of the employer’s monitoring should be clearly outlined in the policy.  An employer may find the need to have the laptop forensically examined, as occurred in the above mentioned case, and it may be necessary to obtain prior consent from employees with regard to any proposed monitoring.

This article is correct at 27/02/2009
Disclaimer:

The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.

Gillian Dully
LK Shields

The main content of this article was provided by Gillian Dully. Contact telephone number is +353 1 638 5863 or email gdully@lkshields.ie

View all articles by Gillian Dully