Jim Gill, content chief with Ipro, explores the challenges in-house teams may face as data collides with Bring Your Own Device (BYOD) policies.
Today’s eDiscovery Blues comic highlights several challenges In-House legal teams might face when working with data in the face of litigation, starting with the sinking feeling that comes when you ask yourself, “Is the I.T. department being sarcastic?” That’s part of the humor here, but the answer given about simply having everyone use Snapchat as a solution for employees using their personal mobile devices for work (Bring Your Own Device or BYOD) raises several points worth discussing.
Corporate Legal Challenge #1: Mobile Devices, e-discovery & BYOD
Mobile devices can be difficult when it comes to e-discovery for many reasons. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly (read this example from recent case law for more on the pros and cons of imaging entire mobile devices).
That’s why it’s important to have policies in place to determine how mobile devices are used for business purposes, which is exactly what Rick Compliance, e-discovery manager, was trying to do when he called I.T. above.
Corporate Legal Challenge #2: Social Media / Chat, e-discovery & BYOD
Messaging platforms (e.g. Slack, Teams, What’s App) and social media (e.g. Facebook, Instagram, LinkedIn, Snapchat) go hand in hand with mobile devices, and we all know that business is conducted across multiple platforms and devices, sometimes simultaneously. Gaining insight into the ESI created by these can be difficult.
With social media, data can usually be requested from the source company (For example, Instagram has a data request form in its Privacy and Security settings), and chat files can be exported, but both of these can be difficult to put into a review-ready format, losing the context of the conversations held within them. And these new data sources continue to grow and be used in interesting ways, as this recent case shows: “Etsy Post Leads to Arrest of Cop Car Arson Suspect in Philly.”
Knowing if these platforms are a potential source of data for your organization should litigation arise is vital. Having policies in place around their use for business and alignment between Legal and I.T. should this data need to be collected is ideal.
Corporate Legal Challenge #3: Avoiding Sanctions for Mobile Data Spoliation, Including Ephemeral Data
Finally, the notion of a company telling employees to use ephemeral data messaging as part of their BYOD policy isn’t so far-fetched. And it can lead to sanctions.
In a recent case, WeRide Corp. v. Huang et al. (N.D. Cal. Apr. 24, 2020), the defendants were sanctioned under FRCP Rule 37, because they directed employees of their company AllRide to communicate using the application DingTalk internally. The CEO testified, he felt it was “more secure” than other messaging platforms; however, DingTalk allows for “ephemeral messages” that automatically delete after they have been sent and read (much the same as Snapchat, mentioned in the cartoon above).
The court’s ruling stated, “AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees after the preliminary injunction issued. This practice of destroying potentially discoverable material shows both willfulness and bad faith. Based on these undisputed facts, the Court finds it appropriate to issue terminating sanctions.”
Mobile Data is no joke and having alignment between Legal, IT, Compliance and other stakeholders is a must before litigation arises. Without clear policies in place, there are so many ways mobile data can quickly become a problem.
Published July 1, 2020.