Smartphone and Mobile Device e-Discovery Requires Proactive Technology
Smartphones are a contentious issue in e-discovery. I’m always pleased when the issues with smartphones are covered, like in this article from Law360. When it comes to bring your own device (BYOD) and personally-owned equipment, where the line between business use and personal use is blurry, the advice is spot-on. BYOD was a big thing five years ago, but there’s also been a big swing toward company-owned devices. The one thing missing from this article is that technology can help wrangle smartphones and take away some of the pain of the e-discovery process.
Technology has evolved to mitigate the risks of smartphones, even phones owned by employees. Those that exist as part of a BYOD program can be compartmentalized with mobile device management (MDM) software, and policies can be put in place that users agree to prior to their devices being allowed to access company systems and/or information. I’ve seen companies do exactly that: before employees could access company data, including email, on their smartphones, they had to bring the phones to IT, get MDM software installed, and agree that the company reserved the right to wipe the phone clean once the employee left.
Another pain point of smartphone e-discovery is the imaging process. Setting aside the different operating systems, connectors (consider how many different phone chargers you have used in the past 5-10 years, which is the same problem with connecting the phones for imaging), and programs people use for messaging, there’s a general resistance to handing over what many feel is a more personal device. It travels with you everywhere you go, it is in your pocket, your purse, etc. Since it is so personal, employees aren’t just using their smartphones for business or for innocuous “remember the milk” text messages. I’ve seen cases where employees are using their smartphones to step out on their significant others – and when confronted with a litigation hold, lock themselves in their offices to delete data. Those data gaps are much worse than the messages themselves from a client perspective, which would likely be irrelevant and never see the light of day.
The best approach to e-discovery and smartphones, however, is a proactive approach that issues company-owned phones to employees, particularly in heavily regulated industries like finance or pharmaceuticals. For example, our phones at UnitedLex are owned by the company and include Mobile Iron, which lets the IT department remotely wipe the phone should it be lost or stolen – or should we terminate employment. The IT department also has more prevalent access to the phone: text messages, emails, apps, and other usage data. That eliminates a lot of the risk inherent with smartphones because, if there is a litigation hold, IT can quickly retain our data without us having to physically bring them our phones.
Granted, this may not be a reasonable or feasible approach for a company that sees litigation once or twice a decade. The up-front capital expenditure in phones and software isn’t cheap, but for heavily regulated or heavily litigated industries, company-owned smartphones and MDM are just part of the cost of doing business. These companies need control over their data and need to weigh the risks of BYOD – arguably, the Wild West of smartphone management – against the cost of the technology. If you can afford it, this is the way to solve some of the problems that come with smartphones and other mobile devices.