Simmons: Bring Your Own Device policies create legal complications

Keywords Smart Phones / subpoena
  • Print
Listen to this story

Subscriber Benefit

As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
0:00
0:00
Loading audio file, please wait.
  • 0.25
  • 0.50
  • 0.75
  • 1.00
  • 1.25
  • 1.50
  • 1.75
  • 2.00

It doesn’t seem like it was that long ago that smartphones for business use were almost exclusively the domain of Blackberries, run off enterprise servers.

That is a bygone era.

Recent estimates have over 80% of businesses using a “Bring Your Own Device” (BYOD) approach to employee cellphones. Consultants point to cost savings, employee satisfaction and reduced IT burden as advantages of BYOD over employer-provided phones.

But when those devices become potential data sources for discovery, the law has been slow to generate a consistent rule for how to treat possession, custody or control of electronically stored information that lives on them.

The majority rule among federal circuit courts for determining what documents are within a party’s control had been the “legal right to obtain” standard, which means that a party has control of a document when the party has “the legal right to obtain the document on demand.”

However, that standard has become muddied in recent years as applied to personally owned cellphones.

The logistics of cellphone collection are partly to blame, particularly regarding text messages. Unlike email and other messaging apps that keep copies on servers, text messages are usually only able to be obtained from the cellular device.

The search and export functionality in mobile operating systems is not well suited to a targeted collection.

Generally, to search, narrow and export a subset of likely relevant data in a more defensible way that preserves the associated metadata with text messages, one must connect the device to a PC running specialized software that will create a copy of most, if not all, the data on the device.

Taking screenshots of texts is often used as an alternative, but in instances where a large number of text messages may be at issue, this is an extremely time-consuming task that is prone to error.

It also results in a production format that is significantly degraded from its normal state, which has been ruled in many jurisdictions to run afoul of the “reasonably usable” standard of Rule 34.

Under normal circumstances, an employer could not demand that an employee turn over her cellphone for inspection and copying for obvious reasons. Most of us have our entire lives on these phones. But when the phones are used for business purposes, courts are showing a willingness to sanction the employers for failing to preserve and collect data on employee-owned devices.

Skansa and Miramontes v. Peraton, Inc. are two relatively recent cases highlighting the interpretation of “control” into something more expansive than a strict legal right-to-obtain standard.

In Skansa, the Court held that an employer has a legal right to obtain business communications from a current employee regardless of whether the communication is located on a personal cell phone. However, that holding also found that all that is required is that the employer “ask the employee to search and produce the responsive information” rather than imaging the phone themselves, noting the serious invasion of privacy that would likely entail.

The unwritten premise here is that the employer simply has the practical ability to ask a current employee to turn it over but may not have an unqualified legal right to obtain it.

Miramontes went further. It explicitly rejected the “legal right to obtain” standard that had previously been used in the Fifth Circuit in favor of a four-factor test:

  • Whether the devices were issued by the employer.
  • How frequently the devices were used for business purposes.
  • Whether the employer had a legal right to obtain communications from the devices.
  • Whether company policies address access to communications on personal devices.

The Miramontes Court addressed only the first and second factors, with the second being sufficient to find that the employer had control over the employees’ text messages.

In both instances, the employers were sanctioned for failure to preserve the text data on devices owned by employees. In neither instance did the company have a policy that addressed the use of personal phones for business purposes.

Skanska and Miramontes highlight the risk of lacking a comprehensive BYOD policy. There is no one-size-fits-all solution that will work for every business, but the key points for management to consider are:

Must employees use text messages for business purposes? If so, is there a mechanism in place to preserve those messages once litigation appears imminent?

If not, is there written policy and training directing employees not to use text and instead use approved communication tools? And if there is a policy against use of personal phones to text business-related information, is the policy followed and/or enforced?•

__________

Robert Simmons is an attorney with Dinsmore & Shohl in Indianapolis where he serves as the office’s eDiscovery Project Manager. The opinions expressed in this article are those of the author and not of the DTCI.

Please enable JavaScript to view this content.

{{ articles_remaining }}
Free {{ article_text }} Remaining
{{ articles_remaining }}
Free {{ article_text }} Remaining Article limit resets on
{{ count_down }}