Recently, we had interesting questions from a client that was implementing two-factor authentication for employees to access the company’s information systems. The process requires employees to install the authentication app on their personal smartphones. When explained to the employees, several objected to adding the app to their personal phones, and one went so far as to threaten legal action against the company if it required such installation as a condition of continuing employment.

Do employees have the right to limit use of their personal smartphones to non-work purposes? The short answer is no. There are no laws or common law causes of action that prohibit employers from requiring that employees obtain personal phones, or that give employees the right to refuse to use those smartphones for work tasks. A growing number of states mandate that employers pay for expenses related to remote work, but none of these jurisdictions limit employers from requiring the installation of work apps. Employers have an obligation to keep employee personal identifying information confidential, and could conceivably be held liable if their negligence led to an employee’s personal information in their phones being hacked through work apps. However, reasonable and appropriate work mandates would not be subject to serious legal challenge.

Employers facing resistance from employees have several options. In addition to mandating such access, the company could advise recalcitrant employees that they will be denied remote access to work systems and will need to figure out a way to accomplish work responsibilities without this access. Employers could also explore alternative authentication methods, such as email or telephone calls.

For more information, please contact me or your regular Parker Poe contact. Click here to subscribe to our latest alerts and insights.