The Sedona Conference on BYOD – Mobile Devices Update, Part 5

11 / 11

A multi-part update on the discovery challenges posed by the proliferation and popularity of smartphones and other mobile devices

In “Data on the Move,” we discussed new usage data, new evidence of evidence, and new technology news related to mobile devices in eDiscovery.  In “A Few Recent Cases,” we began our review of recent mobile device cases.  In “A Few More Recent Cases,” we continued that review, and in “One More Case and Key Takeaways,” we concluded it.  In this Part, we conclude with a review of some recent BYOD guidance.

In our original mobile devices series, we touched on the growing prevalence of Bring Your Own Device (BYOD) policies, writing:

. . . the trend over the last eight years has been towards allowing employees to bring their own device and connect it to company email and other mobile services.  A majority of companies now have or are planning to adopt BYOD-friendly policies, and many organizations are planning to start requiring employees to bring their own device.

This trend was a response to the rising cost to organizations of purchasing smartphones for employees and to employees’ strong personal preferences about smartphone brands and models.  Whether this trend truly results in cost savings and other benefits or not, it definitely creates complications for organizations facing discovery.

Bring Your Own Discovery Complications

In the original series, we focused on the complexity this added to the collection process.  When a company chooses and issues devices (as is still typically done with laptops), it tends to limit the number of brands and models in use at any given time to just a few.  With a BYOD policy, a much wider range of brands and models are likely to be in use at the same time, each of which may require unique steps to facilitate collection and review.

Beyond this added technical complexity, companies adopting BYOD approaches also face added legal complexity when it comes to discovery:

  • Does the company still own data that is stored on an employee-owned device?
  • Is that data still within the company’s possession, custody, or control?
  • Can the company collect that data from the device?  By right?  With consent?
  • What about the privacy interest of the employee in any personal data on such a device?
  • How do the specific policies and practices in place affect these answers?

Unfortunately, there are not simple, consistent answers to these questions, as the analyses are very fact-specific and the applicable standards can vary from jurisdiction to jurisdiction.

The Sedona Conference Guidance

Last year, to help practitioners navigate these vagaries, The Sedona Conference released a guidance document on BYOD issues: “The Sedona Conference Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations.”  This document attempts to clearly articulate the issues that need to be considered when adopting a BYOD policy, including the important factors for assessing each issue, the downstream discovery implications of different approaches, and the various legal standards that may apply:

This Commentary embraces a forward-looking approach to BYOD as a permanent trend that is driven by IT’s transformation of both the workplace and society as a whole.  This Commentary seeks to provide guidance to organizations on developing and implementing an approach to BYOD that meets the specific needs of the organization and addresses security, privacy, accessibility, and litigation.  Organizations that responsibly pursue these goals should be able to proceed with confidence that their reasonable efforts will be respected by courts and will not be undermined by disproportionate discovery burdens.

The Five Principles

The Commentary is organized around five core principles:

Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD. 

Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.

Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.

Principle 4: An organization’s BYOD policy and practices should minimize the storage of – and facilitate the preservation and collection of – unique, relevant ESI from BYOD devices.

Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.

As the Commentary explains, “Principles 1 and 2 are designed to help guide an organization in deciding: (1) whether to allow (or even require) BYOD; and (2) how to develop and implement a BYOD program,” while “Principles 3 and 5 address discovery obligations, and Principle 4 explains that organizations likely to be subject to those discovery obligations should consider discovery preparedness when creating BYOD programs.”  The various numbered commentaries accompanying each Principle go into depth on the specific factors to consider, the likely discovery implications, and the potentially applicable legal standards.

For Assistance or More Information

Xact Data Discovery (XDD) is a leading international provider of eDiscovery, data management and managed review services for law firms and corporations.  XDD helps clients optimize their eDiscovery matters by orchestrating precision communication between people, processes, technology and data.  XDD services include forensicseDiscovery processingRelativity hosting and managed review.

XDD offers exceptional customer service with a commitment to responsive, transparent and timely communication to ensure clients remain informed throughout the entire discovery life cycle.  At XDD, communication is everything – because you need to know.  Engage with XDD, we’re ready to listen.

About the Author

Matthew Verga

Director of Education

Matthew Verga is an electronic discovery expert proficient at leveraging his legal experience as an attorney, his technical knowledge as a practitioner, and his skills as a communicator to make complex eDiscovery topics accessible to diverse audiences. A fourteen-year industry veteran, Matthew has worked across every phase of the EDRM and at every level from the project trenches to enterprise program design. He leverages this background to produce engaging educational content to empower practitioners at all levels with knowledge they can use to improve their projects, their careers, and their organizations.

Whether you prefer email, text or carrier pigeons, we’re always available.

Discovery starts with listening.

(877) 545-XACT / or / Email Us