Bring Your Own Device (BYOD) Policy

Policy governing employee use of personal devices for work — covers MDM enrollment, security requirements, privacy, remote wipe, and stipend.

BRING YOUR OWN DEVICE (BYOD) POLICY

Company:            Northstar Logistics, Inc.
Effective date:     May 11, 2026

═══════════════════════════════════════════════════════════════════════
1. PURPOSE AND SCOPE
═══════════════════════════════════════════════════════════════════════

This Policy permits eligible employees to use personal devices —
phones, tablets, laptops — to access Company systems and data,
subject to security and use requirements. The Policy balances
employee preference for familiar devices with the Company's
obligation to protect data, comply with regulatory requirements
(GDPR, HIPAA, SOC 2, PCI-DSS, state privacy laws), and respond to
litigation discovery requests.

Eligibility: All employees who request, subject to security review

═══════════════════════════════════════════════════════════════════════
2. ENROLLMENT — MOBILE DEVICE MANAGEMENT
═══════════════════════════════════════════════════════════════════════

2.1 MDM Required. All BYOD devices must be enrolled in the Company's
Mobile Device Management ("MDM") platform: Microsoft Intune (containerized work profile on iOS / Android Work Profile on Android).

2.2 Work Profile / Container. The MDM creates a separate "work
profile" or "container" on the device that holds Company apps and
data. Personal apps and data remain in the personal profile. The
Company manages only the work profile.

2.3 Minimum OS. iOS 17+ on Apple devices; Android 13+ on Android devices; macOS 14+ on Apple computers; Windows 11+ on PCs

2.4 Enrollment Process. Employee installs the Company MDM agent,
authenticates with company credentials, and accepts the work profile.
The employee may opt out at any time by removing the work profile,
which removes Company data only.

═══════════════════════════════════════════════════════════════════════
3. SECURITY REQUIREMENTS
═══════════════════════════════════════════════════════════════════════

The following security configuration is enforced through MDM. Devices
that fall out of compliance are blocked from Company systems until
remediated.

____ Device passcode (6+ characters or biometric)
____ Auto-lock within 5 minutes
____ Full-disk encryption enabled
____ MDM enrollment with company work profile
____ Approved security software (antivirus on Windows; XProtect/Gatekeeper on Mac)
____ OS updates installed within 14 days of release
____ No jailbroken or rooted devices
____ Wi-Fi only on encrypted/trusted networks; VPN required on public Wi-Fi

═══════════════════════════════════════════════════════════════════════
4. ACCEPTABLE USE
═══════════════════════════════════════════════════════════════════════

4.1 Permitted. Employees may use BYOD devices for work email, work
applications, work documents, and other Company-authorized work
activities.

4.2 Prohibited. The following are prohibited on BYOD devices used
for work:
  • Storing Company Confidential Information outside the work profile
    (no copy-paste from work apps to personal apps; no airdropping
    work files to personal accounts).
  • Using unsanctioned cloud services (personal Dropbox, Google
    Drive, iCloud) for Company data.
  • Letting family members or others use the device for work
    activities.
  • Installing pirated, jailbroken, rooted, or unverified software.
  • Using the device for high-risk activities (cryptocurrency mining,
    file sharing) while connected to Company networks.

═══════════════════════════════════════════════════════════════════════
5. STIPEND AND REIMBURSEMENT
═══════════════════════════════════════════════════════════════════════

Stipend: $50/month flat (CA, IL, MA, NY employees may receive higher amount based on actual cost — see Section 5)

State-mandated reimbursement: Several states require employers to
reimburse employees for necessary use of personal devices for work,
regardless of stipend:

• California — Labor Code §2802 (Cochran v. Schwan's Home Service,
  228 Cal. App. 4th 1137 (2014) requires reimbursement of business
  use of personal cell phone, even when employee has unlimited plan).
• Illinois — Wage Payment and Collection Act, 820 ILCS 115/9.5
  (effective 2019) — necessary expenditures must be reimbursed.
• Massachusetts — G.L. c. 149 §148 — wage-and-hour law requires
  reimbursement.
• New York — Labor Code §198-c — reimbursement when failure brings
  wages below minimum wage.
• Iowa — Code §91A.3(6) similar.

In these states, the stipend may be increased based on actual cost
documentation. Employees may submit detailed bills if the stipend is
inadequate.

═══════════════════════════════════════════════════════════════════════
6. PRIVACY
═══════════════════════════════════════════════════════════════════════

6.1 What the Company Sees. Through the MDM platform, the Company can
see:
  • Device make, model, OS version, security configuration.
  • Whether work profile is compliant with security policy.
  • Apps installed in the work profile (Company-issued apps).
  • Network connection method (Wi-Fi vs. cellular).
  • Device location (general — country/region — only when needed for
    compliance or theft response; precise location is NOT routinely
    collected).

6.2 What the Company Does NOT See. The Company does NOT see:
  • Personal apps installed on the device.
  • Personal photos, contacts, messages, browsing history.
  • Personal email or social media accounts.
  • Personal phone calls or text messages.
  • Personal device passcodes.

6.3 Audit and Discovery. In litigation, regulatory inquiry, or
internal investigation, the Company may need to access the work
profile of a BYOD device. The Company will limit access to the work
profile only and will not access personal data, unless a court order
specifically requires broader access.

6.4 State Law Considerations. Some states (CA, IL) restrict
employer access to employee personal social media credentials
(California Labor Code §980; Illinois 820 ILCS 55/10). The Company
will not request employee personal social-media passwords.

═══════════════════════════════════════════════════════════════════════
7. REMOTE WIPE
═══════════════════════════════════════════════════════════════════════

7.1 Default Scope. Selective wipe — work container only (preserves personal data)

7.2 Triggers. The Company may initiate remote wipe in any of:
  • Device reported lost or stolen.
  • Employee separation (termination or resignation).
  • Suspected security incident affecting the device.
  • Failure to maintain security compliance after 7 days' notice.

7.3 Notification. The Company will notify the employee before remote
wipe in non-emergency situations to allow back-up of personal data.
For emergency situations (lost/stolen device with sensitive data),
wipe may be immediate.

═══════════════════════════════════════════════════════════════════════
8. SEPARATION FROM EMPLOYMENT
═══════════════════════════════════════════════════════════════════════

On the last day of employment, the employee shall:

(a) Allow the Company to perform a selective wipe of the work profile;
(b) Return any Company-issued accessories (security keys, dongles);
(c) Confirm in writing that no Company Confidential Information
    remains outside the work profile;
(d) De-authorize Company applications and accounts on personal
    devices.

═══════════════════════════════════════════════════════════════════════
9. CONSEQUENCES OF VIOLATION
═══════════════════════════════════════════════════════════════════════

Violation of this Policy may result in:
  • Removal from BYOD program with mandatory return to Company-issued
    device only.
  • Disciplinary action up to and including termination.
  • Legal action for unauthorized access to data, theft, or breach
    (Computer Fraud and Abuse Act, 18 USC §1030; state computer-crime
    statutes; trade secret laws).

═══════════════════════════════════════════════════════════════════════
10. EMPLOYEE ACKNOWLEDGMENT
═══════════════════════════════════════════════════════════════════════

Employee:           Jordan Alex Taylor
Devices to enroll:  iPhone 16 Pro, MacBook Air M3 (personal)

I acknowledge:
  • Receipt of this BYOD Policy.
  • Voluntary participation in the BYOD program.
  • The Company's right to manage the work profile on my devices.
  • The Company's right to remote wipe under the conditions above.
  • That my personal data outside the work profile remains private.
  • Stipend / state-mandated reimbursement provisions.


_____________________________________     May 11, 2026
Employee signature                         Date


_____________________________________     May 11, 2026
IT / Security signature                    Date

═══════════════════════════════════════════════════════════════════════
COPY TO EMPLOYEE — ORIGINAL TO IT/HR FILE
═══════════════════════════════════════════════════════════════════════

About this template

A Bring Your Own Device (BYOD) policy permits employees to use personal devices — phones, tablets, laptops — to access Company systems and data. BYOD reduces hardware cost for the employer and respects employee preferences for familiar devices, but creates security, privacy, legal-discovery, and labor-law issues that the policy must address. The cornerstone of any modern BYOD program is Mobile Device Management (MDM), which creates a "work profile" or "container" on the device that holds work apps and data, separate from personal apps and data. The MDM enforces security requirements (passcode, encryption, OS update level), monitors compliance, and can wipe the work container without touching personal data on selective wipe. Major MDM platforms: Microsoft Intune (deeply integrated with Microsoft 365), Jamf (Apple-focused), VMware Workspace ONE, Google Workspace MDM, and others. iOS supports User Enrollment (work container with no full-device control) since iOS 13; Android supports Work Profile in Android Enterprise. macOS and Windows offer comparable but more invasive enrollment options.

Security requirements for BYOD devices: (1) Passcode and auto-lock — to prevent unauthorized access if device is lost. Touch ID / Face ID acceptable; numeric-only PINs typically inadequate. (2) Full-disk encryption — typically on by default in modern iOS/Android/macOS but should be verified. (3) OS update level — devices on outdated OS lose security patches; minimum supported version should be enforced. (4) MDM agent compliance — devices must remain enrolled and compliant. (5) No jailbreak/root — these defeat OS security controls. (6) Network controls — VPN required on public Wi-Fi; encrypted Wi-Fi at minimum.

State and federal labor-law issues: (1) California Labor Code §2802 — Cochran v. Schwan's Home Service, 228 Cal. App. 4th 1137 (2014) held that the employer must reimburse the employee for required business use of personal cell phone, even when the employee has an unlimited plan and incurs no incremental cost. The court reasoned that §2802 requires reimbursement of necessary expenditures incurred in performance of duties, regardless of whether the employee actually paid an incremental amount. The case has been followed widely in California. (2) Illinois 820 ILCS 115/9.5 (effective 2019) — necessary expenses must be reimbursed if requested in writing within 30 days. (3) Massachusetts, New York, Iowa — similar statutes. (4) Federal FLSA — requires reimbursement only when expenses bring wages below minimum wage.

Privacy issues: (1) Employee privacy expectations — employees expect their personal data on personal devices to remain private. The MDM platform should be configured to NOT see personal apps, personal photos, personal messages, or personal browsing. (2) Social-media password protection — California Labor Code §980, Illinois 820 ILCS 55/10, and similar laws in 25+ states prohibit employers from requesting employee personal social-media passwords. (3) Wiretapping considerations — if the BYOD device records calls or messages, wiretapping laws (federal 18 USC §2511; California Penal Code §632 — two-party consent state; about 12 other two-party-consent states) apply. (4) GPS tracking — should be disabled by default; precise location collection during work hours has been challenged under privacy law.

Litigation discovery — when the company is sued, BYOD devices may be subject to discovery. The 2015 amendments to Federal Rule of Civil Procedure 26 narrowed discovery scope and proportionality, but courts have ordered employees to produce work-related communications from personal devices. The MDM container approach makes this much easier — preserve and produce only the work container. Without MDM containerization, the company may need to take possession of the entire device for forensic preservation, raising privacy and labor issues. Litigation hold notices should specifically address BYOD devices.

Termination scenarios — on separation, the company should perform a selective wipe of the work container. Full-device wipe may be appropriate for lost/stolen devices but is rarely necessary on routine separation. The employee should sign an attestation that no company data remains outside the work container.

Best practice: (a) MDM with selective wipe (containerization) is the foundation; (b) clear consent in writing before enrollment, with explicit disclosure of what the company can and cannot see; (c) state-aware reimbursement program that recognizes CA/IL/MA/NY mandatory reimbursement; (d) periodic security audit of enrolled devices; (e) clear, separately documented, separation procedures. The policy should be reviewed annually and updated when (a) MDM platform capabilities change, (b) state-law requirements change, (c) major security incidents reveal gaps.

When to use it

  • Launching a BYOD program for the first time.
  • After security incident traced to a personal device.
  • Annual policy refresh.
  • When entering states with mandatory reimbursement laws (CA, IL, MA, NY, IA).
  • When deploying a new MDM platform or upgrading MDM capability.

What to include

  • Eligibility for BYOD program.
  • MDM enrollment requirement with platform identification.
  • Minimum OS and security configuration.
  • Acceptable use restrictions (no copy to personal accounts, no jailbreak, etc.).
  • Stipend and state-mandated reimbursement provisions.
  • Privacy disclosure (what company sees, what it does NOT).
  • Remote wipe scope (selective vs. full) with triggers.
  • Separation procedures.
  • Consequences of violation.
  • Employee acknowledgment with device enumeration.

Frequently asked

No, in a properly configured BYOD/MDM environment. The MDM platform creates a separate "work profile" or "container" on your device. The company manages only that container. The company sees: device make/model/OS, work-profile compliance, work apps installed, network connection method. The company does NOT see: personal apps, personal photos, personal messages, personal email, personal browsing history, personal phone calls. Some MDM platforms offer "device-level" enrollment with broader visibility — modern containerized enrollment (User Enrollment on iOS, Work Profile on Android) is privacy-respecting.
⚠ Legal disclaimer. BYOD policies are governed by federal labor law (FLSA reimbursement when expenses bring wages below minimum), state labor law (CA Labor Code §2802; IL 820 ILCS 115/9.5; MA G.L. c. 149 §148; NY Labor Code §198-c; IA Code §91A.3(6)), federal computer-crime law (CFAA, 18 USC §1030), state social-media-protection laws (CA Labor Code §980; IL 820 ILCS 55/10; 25+ states), wiretapping laws (federal 18 USC §2511; state two-party-consent laws — about 12 states), and federal/state discovery rules (Federal Rules of Civil Procedure; state analogs). Industry-specific regulations may impose additional requirements: HIPAA (45 CFR Part 164), PCI-DSS, SOC 2, GDPR (EU personal data), state breach-notification laws. MDM with selective wipe is the recommended technical foundation. Not legal advice — consult employment counsel and IT/security counsel for specific implementation.
Jurisdiction: United States — federal labor law (FLSA, NLRA, Title VII) + state-specific employment statutes
Last reviewed: 2026-05
Reviewed by ScoutMyTool — consult a licensed attorney for binding use.
