Among the more obvious e-discovery headaches created by the BYOD trend are these:
- Your corporation doesn’t own or physically control the device. So how are you going to get discoverable data from it?
- Most users – no matter how technically proficient – don’t know how to take care of potentially discoverable data to prevent it from being deleted. So how can you ensure collection?
- The location of the data you seek may not be on the device – it may be in the cloud or on a corporate server. Can you pinpoint the location of mobile device data?
- Data formats are often quite different on mobile devices with small form factors than on laptops or desktop computers. Can your IT or e-discovery teams guarantee your ability to find and collect a handwritten note on an iPad?
- New devices are launching monthly. How quickly can mobile application providers provide data security or ensure forensic retrieval of data from those devices?
Critical Best Practice #1: Create a Strong Set of BYOD Policies
BYOD and the increasing pace of changes in the mobile device market are challenging even the most advanced IT security and e-discovery teams. So, in the absence of the ability to control the adoption of devices or to speed the in-house capability to collect discoverable data from them, the best approach is to get your BYOD policies in place.
We recommend that you consider the following policies, first outlined by David J. Walton in Law Technology News:
- Requiring employees to refrain from using or sharing any company information on personal devices for anything other than company use.
- Prohibiting the copying or storage of specific, critical types of data from being copied to or stored on personal devices.
- If using their personal devices for work, requiring employees to password-protect them and to disclose the passwords for each device to the employer.
- Banning the use of personal cloud storage such as Dropbox and Box.net for company information.
- If you don’t want to strictly prohibit the above, requiring employees to disclose the sites and services they’re using, to share the account credentials (login and password) information with IT, and to promise to allow IT to review the site before discontinuing the use of a service.
Critical Best Practice #2: Adopt BYOD-Friendly E-Discovery and Digital Forensics Technology
Until the types and formats for data on mobile devices become more standard, the other critical best practice is the implementation of corporate digital-investigations and e-discovery solutions that readily handle data retrieval from smartphones and other mobile devices. And in preparation for doing so, we recommend that you begin the process of meeting and planning for BYOD-related e-discovery issues collaboratively—and early--with your IT security team.
When everyone is speaking the same language and on board with the same tools and technologies, the process of wresting vital data from a myriad of sources to prepare for impending litigation will go a great deal more smoothly.
Do you and your team currently address the BYOD phenomenon in your e-discovery practices?If so, how?