Article

Preservation Considerations
for BYOD Devices

BYOD is gaining popularity with employees and businesses alike. But the existence of business data on personal devices brings on its own set of discovery challenges.

View All

As a number of recent headlines have focused on the apparent manipulation or destruction of mobile data, so too have courts put parties on notice about the legal pitfalls that come along with the convenience brought about the mobile revolution.

Businesses legitimately allow (or require) employees to use their own devices or software at work.  The reasons for the practice can span from cost considerations to projecting a progressive company image, to name a few.  And in cases where businesses do not allow such use, employees may still resort to BYOD (bring your own device) or use “shadow IT”  (the unsanctioned software to perform work functions) out of necessity or convenience: from the employee on business forced to use a personal device when an enterprise technology fails in the wee hours of the night, to an employee who texts a co-worker on a personal device regarding business related matters.

Regardless of the expectations for BYOD, mobile devices complicate companies’ abilities to fulfill their preservation obligations in litigation or regulatory inquiries.  For example, the Seventh Circuit has upheld punitive monetary sanctions for a defendant’s discovery abuses, including failure to proactively put custodians on notice to preserve relevant work-related text messages and for failing to suspend an auto-delete function for text messages on company-issued devices.[i]

Key Takeaway

The mere existence of BYOD data does not make it automatically discoverable.

Considerations for Whether to Preserve ESI on BYOD Devices

While under a typical litigation hold a company would not be required to lock down every employee’s mobile device for preservation, upon implementing any type of hold, as an initial inquiry, the company should assess whether prospective custodians’ personal mobile devices are likely to hold unique and relevant business data.

But that’s not where the analysis ends.  As articulated by the recently published Third Principle of the Sedona Conference Commentary on BYOD, additional factors that determine the discoverability of employee-owned devices should include (i) whether the data is within the company’s possession, custody, or control, and (ii) whether discovery is proportional to the needs of the case.[ii]

Thus, even if employees’ personal devices contain relevant and unique data, that does not by itself mean that the data must be preserved.  And while a business may be found to have “possession, custody, or control” of an employee’s (or even a non-employee’s) personal mobile data, proportionality considerations may restrict the scope—or obviate the need entirely—as to what data is discoverable.

Although courts have been increasingly mindful of the increased prominence of proportionality brought about by the 2015 amendments to the Federal Rules of Civil Procedures, [iii] courts have been less uniform in analyzing the “possession, custody, and control” factor.  Some courts have applied the more restrictive legal right test to find that a party has control over documents only when it has the legal right to the documents, and others have used a broader practical ability test to extend discoverability of mobile data even to non-employees.

For example, in Van Zant, Inc. v. Pyle, the court imposed an adverse inference jury instruction on a defendant for his failure to prevent an independent film director from destroying relevant text messages on his personal smart phone.[iv]  The court noted that the director had been hired as a freelancer by the defendant and had a derivative pecuniary interest in the outcome of the litigation.  Those facts, the court reasoned, indicated that the freelance film director’s text messages were, “practically speaking,” under the defendant’s control and thus should have been preserved.

"While cynics may at times deride BYODs as Bring-Your-Own-Disasters, there are a number of proactive measures that a company could employ to balance discovery risk against business needs."

Mitigating Risks

While cynics may at times deride BYODs as Bring-Your-Own-Disasters, there are a number of proactive measures that a company could employ to balance discovery risk against business needs.

First, businesses should design their BYOD programs with an effective information governance structure in mind, with anticipated future discovery being a key consideration.  Courts are increasingly unsympathetic to litigants that seek protective orders due to a poorly designed information governance program that makes their data difficult or costly to access in discovery.

Second, if custodians have unique and potentially relevant communications on their mobile devices that ought to be preserved, the business should explicitly note the employees’ obligation to preserve text messages in the litigation hold.

Finally, for the business that desires definitive parameters to its preservation obligation, consider reaching an agreement with the opposing party that addresses whether, and to what extent, mobile data on personal devices ought to be preserved.

[i] In re Pradaxa (Dabigatran Etexilate) Prods. Liab. Litig., MDL No. 22385, 2013 BL 347278 (S.D. Ill. Dec. 9, 2013), aff’d, 745 F.3d 216, 218 (7th Cir. 2014).

[ii] 19 Sedona Conf. J. 498 (forthcoming 2018).

[iii] Elizabeth McGinn, Scott Sakiyama & Brian Bartholomay, Practical Considerations For Litigating Proportionality, Law 360, May 4, 2018, https://www.law360.com/articles/1040537/practical-considerations-for-litigating-proportionality

[iv] 270 F.Supp.3d 656 (S.D.N.Y 2017).

In a 2016 survey, 59% of organizations allowed employees to use their own devices for work purposes, with another 13% planning to allow its use. Source: Insight, BYOD Statistics Provide Snapshot of Future

Share

Are you ready to love e-discovery?

Introducing FORTÉ, the better way to do e‑discovery.

Let's Talk