Author:  Taylor H. Fouser

While not your average citizen, employers and employees can learn a valuable lesson from Hillary Clinton’s e-mail fiasco that came to light earlier this year.  Throughout her tenure as Secretary of State, Clinton chose to conduct government business from both her official government e-mail account and her own personal account.  No doubt that Clinton’s position creates its own unique confidentiality issues; however, employers must be aware that they can be subject to legal and security complications as a result of employees comingling work and personal e-mail accounts.

Many companies enact a Bring Your Own Device (BYOD) policy.  BYOD permits employees to use their own personal devices, such as mobile phones and tablets, for work rather than providing company-issued devices.  However, such policies subject employers to significant risks and it is important to take appropriate steps to protect your company.


One of the most obvious risks with enacting a BYOD program is that non-exempt employees will respond to e-mails or create work product on their device when they are off the clock.  Under the Fair Labor Standards Act (FLSA), a non-exempt employee is entitled to overtime pay if he or she works more than 40 hours in a week.  An employer is required to compensate non-exempt employees for this time or risk violating federal or state law.  In addition, if employees receive both work and personal e-mails on the same device, they are more likely to spend valuable time at work dealing with personal matters.

Furthermore, if an employee leaves the company, issues arise as to what information on the device is personal and what is business-related.  From a data protection standpoint, many employers who use BYOD perform remote wipes on the personal device, which consequently erases all of the employee’s information on the device.  Such actions, while understandable from a confidentiality standpoint, could open employers up to liability for privacy issues or loss of personal information on an employee’s device.


Besides the ever-present fear that your data may disappear or your privacy be violated, employees face other legal ramifications for comingling personal and work e-mail accounts. If your employer is involved in litigation, electronic discovery (eDiscovery) permits the opposing party to potentially subpoena your entire e-mail account—personal and work.  Also, similar to Hillary, who recently handed over 55,000 pages of e-mails to the State Department to comply with record-keeping practices, you have a duty to protect and preserve any data on your personal device that could relate to a company lawsuit.


  • Create a policy. Before allowing employees to use personal devices for both work and personal purposes, create an internal BYOD program, or similar policy
  • Costs. Be clear whether and how costs relating to the device will be reimbursed
  • Off-the-clock work. Clarify any limitations regarding off-the-clock work and reimbursement
  • Employee authorization. Make sure that the employee signs a separate document informing the employee that company information on the device remains company property, and the company reserves the right to access that information
  • Harassment and discrimination apply. Remind employees that all employment discrimination and harassment policies apply while using the device

    Please contact a Gjording Fouser lawyer at 208.336.9777 if you would like any additional information about this topic or any other employment issues facing your company.