You know that a trend is on the rise when it earns itself a catchy acronym, and you know that a rising trend is no longer just a trend when mainstream news channels pick it up. As early as March 2012, NBCnews.com reported that “’Bring your own device’ is a huge concern among IT professionals.” While most coverage of the BYOD revolution is understandably concerned with basic security, even a malware-proofed and securely pass-coded smartphone presents what should be an equally bone chilling threat to in-house counsel: the threat of discoverability. Each of your colleagues’ iPhones, iPads, Blackberries and Androids contains more legally relevant ESI than most of us have dared imagine. As arbiters of risk assessment and defenders of intellectual property, perhaps no other position faces as much potential harm from a haphazardly concocted BYOD policy as does the in-house counsel.
Let’s make this very clear: mobile devices are currently absolutely ubiquitous. In constant motion from “good morning” to “good night,” these tiny supercomputers track our lives from home to the office and back again. According to recent statistics from the Pew Internet Research Group, 87 percent of Americans have cell phones, 46 percent own smartphones and 31 percent own tablets, with many more intent on purchasing a tablet in the next year. In July 2011, forecasters predicted that smartphones would reach 1 billion in annual sales by 2016. By December 2012, that number had more than doubled to 2.2 billion.
This means two things for inside counsel. First, you must instruct your colleagues in the proper use and maintenance of the devices they bring to work and the information kept on them. Second, you must assume that they will not follow your advice and that neither will employees of your opposition. Ignoring either of these things could prove disastrous.
You simply must review and revise your company’s BYOD policy. It should provide adequate notice to new employees of the risks of conducting their business and their personal lives on the same device. It should define “intellectual property” and “trade secret.” It should, in effect, deliver one message to two audiences: It should alert the employee to the dangers inherent in BYOD and it should alert a hypothetical judge or jury in the future that your company did everything reasonably within its power to prevent misuse of the device and to protect its valuable intellectual property.