BYOD e-Discovery Risks: Implementing Policies and Procedures
BYOD is not just a trendy phenomenon -- it's here to stay. While there are many benefits of BYOD including increased company savings in funds and resources related to the purchase and supporting devices, and increased employee productivity and flexibility, BYOD also poses some serious risks.
To assist you in this ever evolving field, we're laying out the problems you should look for, as well as the policies and plans you should set in place.
Problem
The Federal Rules of Civil Procedure were updated in 2006 to reflect changing technology and work place realities and include electronically stored information (ESI). This together with growing case law defining the boundaries of FRCP Rule 34, and the potential risks of widespread BYOD throughout your company start becoming clear: your company's employees' personal devices may be discoverable.
Policy
To Allow, or Not to Allow BYOD
For best practices, the first thing your company should do is to determine whether it will even allow BYOD. Some companies in the technology field just ban the use of BYOD outright to save themselves the legal headaches, as well as the risks of leaking valuable IP.
Developing a Company BYOD Policy
Should your company choose to allow employees to use their personal devices, it's imperative that your company adopt a BYOD policy. According to InsideCounsel a good BYOD policy should define the risks involved with employees comingling personal and business information on one phone, as well as key legal terms such as "trade secret" and "intellectual property."
Since the company does not own the device, it must let the employee know that the device is potentially discoverable, and according to CMS Wire, "should clearly articulate the company's rights with respect to monitoring and accessing all the ESI stored on employees' mobile devices." Your company should also have procedures in place for security, password retrieval, and lost/stolen devices.
Once the policy is adopted, all employees should be made aware of the policy, and required to sign-off on it.
Plan
As important as a BYOD policy is, your company must also have a plan in place to deal with e-Discovery. According to InsideCounsel, you must advise outside counsel to include mobile devices in discovery requests.
Your company should also coordinate with your company's IT department to understand the technology involved in e-Discovery compliance. CMS Wire suggests making sure employees regularly back up company information from their devices to the company's servers so that their devices merely contain duplicative information. InsideCounsel goes a step further and suggests that companies purchase electronic document review platforms to determine what information is relevant for purposes of e-Discovery.
Keeping up with the changes in e-Discovery can be a daunting task. To protect your company, and your employees, consider implementing a BYOD policy. For more information and an interactive too to help you develop an e-Discovery strategy, visit FindLaw's eDiscovery Guide.
Related Resources:
- How To Be an e-Discovery 'Shark' (FindLaw's Technologist)
- How the Ever-Connected Workforce Poses Problems For Your Company (FindLaw's In House Blog)
- Apple's E-Book Antitrust Defeat Helped by Emails, eDiscovery (FindLaw's In House Blog)
- Successful eDiscovery in a Bring-Your-Own-Device Environment (IT@Intel White Paper)