This is part three of a three-part series on developments in mobile device discovery and its impact on the lives of in-house counsel. The first, “Bring Your Own Discovery Nightmare: Inside Counsel in the BYOD Era,” was published by Inside Counsel on Sept. 6, 2013 and the second, “Picking Up Your Forensic Toolbox and Becoming Your Opposition’s BYOD Nightmare,” was published by Inside Counsel on Oct. 10, 2013.
BYOD is great for so many reasons (for individuals: fewer things to carry around, everything in one place, no device confusion, and you can use your shiny new phone more often; for corporations: less expensive, less need for support/IT, and fewer whiny employees asking why they can’t use their iPhone/Nexus 5/Surface instead of the boring old Blackberry) that it’s easy to ignore pitfalls. But the mingling of personal and corporate data on a single device does create a lot of headache, and when you think about it, the privacy implications of BYOD are kind of obvious. What could go wrong when, for instance, personal texts regarding an HR-sensitive matter are sitting on the same device as litigation-relevant emails and documents? Clearly a lot — especially if a corporation doesn’t have an airtight BYOD policy.
To have a truly strong chance of not running afoul of privacy laws, a corporation should also institute a second set of policies and procedures to go hand-in-hand with BYOD informed consent. This additional line of attack should center on training and policies for guiding the IT or security staff charged with investigating the device post-capture. These staff should understand exactly which data to target and how to avoid data that is off-limits or just plain unnecessary to the matter. Technology and written process can help to narrow search and collection to specific date ranges, subjects and data types on a phone or tablet, leaving out those items that are irrelevant and/or in a grey area when it comes to privacy concerns.