

As employers increasingly permit employees to use their personal devices (known as Bring Your Own Device, or “BYOD”) for business purposes, and as the risk of data exposure continues to rise, the question of how, when, and against whom to attach liability remains in flux. This paper explores employer liability as viewed through the lens of hacked or compromised BYOD devices. The research begins by identifying BYOD as a concept, along with the risks and benefits incident to the practice. It then discusses current state and federal data protection regulations and explores recurring themes in data breach litigation, with a particular emphasis on portable device cases. In the remaining parts, the author attempts to discover congruencies in data breach liability and employer liability for portable devices by examining two states with strict data protection regulations that could apply to portable devices regardless of the question of ownership. Lastly, the author identifies the arguments against regulating BYOD devices and suggests that current regulatory frameworks provide ample redress for compromised personal devices used for work purposes.

Submitted to the Washington State Office of Privacy and Data Security.




University of Washington Technology Law and Public Policy Clinic




bring your own device


Computer Law | Labor and Employment Law

Employer Liability and Bring Your Own Device: Do Existing Regulations Support Employer Liability for a Compromised Personal Device?