BYOD in e-Discovery: Managing Risks and Ensuring Best Practices in 2016
The proliferated use of personal mobile devices for professional purposes, normally referred to as “Bring Your Own Device” (BYOD), in today’s workplace increases the complexities in identifying user-created data, thus creating a swarm of legal and practical challenges for organizations of all sizes. In this LIVE Webcast, a remarkable panel of key thought leaders and professionals assembled by The Knowledge Group will help the audience understand the most important aspects of BYOD in eDiscovery and the fundamentals of these challenges. Going beyond the usual mechanics, the speakers will provide the audience with their expert thoughts and insights on how to identify and effectively and efficiently manage risks and the current best practices in this significant area.
- BYOD in e-Discovery – A Perspective
- Legal and Technological Challenges of BYOD e- Discovery
- Regulatory and Jurisprudence Issues
- Devices Types in BYOD Programs
- Corporate Owned & Personally Enabled (COPE)
- Corporate Owned & Business Only (COBO)
- Hacking Forensics in e-Discovery
- BYOD Access Limits: Networks, Applications, Servers, and Cloud
- On-boarding, Guest Management, Credentialing and Authentication
- BYOD and Data Ownership Issues
- BYOD and Employee Privacy Violations
- BYOD e-Discovery Cost Management
- Practical BYOD e-Discovery Strategies
- Recent Litigation
- Recent Regulatory Developments
Michelle B. Cook, Sales Manager
- Overview of BYOD/COPE/CYOD
- How to formalize a BYOD initiative
- BYOD policy considerations
- Separating work from personal information
- Protecting corporate information
- Preserving employee privacy
Jennifer H. Rearden, Partner
Gibson, Dunn & Crutcher LLP
- Courts’ general reaction to BYOD policies: Several cases suggest that courts will not necessarily defer to a company’s BYOD policy when resolving disputes over information on personal devices. As a result, though increasingly common, BYOD gives rise to unique considerations when it comes to document preservation and privacy.
- The duty to preserve: In general, courts have imposed the same preservation duty regardless of whether the data in question is on cell phones or in more traditional sources, such as computers. Some courts have applied a strict preservation standard, holding, for example, that the duty to preserve attaches the moment a litigant sought legal counsel in connection with the underlying transaction or event.
- Preservation challenges: BYOD appears to pose some special challenges with respect to preservation. For example, courts have sometimes faulted employers who failed to preserve data on employees’ mobile devices, with some deeming employers grossly negligent for failing to preserve once a duty to preserve had attached. Yet in a BYOD environment, employers may not have the ability (or even the right) to prevent data from being destroyed. This creates a risk of sanctions, notwithstanding that a company might not have considered itself at liberty to undertake the necessary steps to preserve the data in question. This is more common than one might think: unbeknownst to employers or employees, employee devices and accounts may carry default auto-delete protocols that regularly purge data. Parties’ diligence may not overcome deletion (and therefore potential spoliation) that is outside of their control. Of note, there is authority for the proposition that, even if ESI is not recoverable directly from a device, parties are under an obligation, where possible, to collect the data directly from service providers. And ignorance about technology may not exculpate a litigant; sanctions decisions appear to assume that the production of BYOD ESI is not prohibitively complex and, indeed, expected of litigants and counsel. That said, under the amended Rule 37, litigants may be able to escape relief if they took reasonable steps to preserve the ESI, and they may avoid the more severe sanctions if they did not intend to deprive their adversary of the ESI’s use in litigation.
- Employees’ privacy rights: In some states, courts have held that employees retain some privacy interest in the data on their device, even where an employer’s BYOD policy provides that the employer retains control over corporate data on the device, if the employees use personal third-party accounts (e.g., Gmail) or import their personal mobile accounts or numbers to employer devices—or if employers allow employees to regularly make personal calls and send personal messages, or fail to address employees’ privacy rights in their BYOD policies. While employees may lose such protection by allowing their employers unnecessary access to their personal data, searches with “a legitimate work-related purpose” that were “not excessive in scope” have been found not to infringe employees’ reasonable expectation of privacy on employer-issued devices. It is likely that these issues will continue to be litigated, and the boundaries more clearly defined, in years to come.
Grace A. Nguyen, Senior Counsel
Chapman, Glucksman, Dean, Roeb & Barger APC
- Containerization: There are applications that create isolated “containers” on employees’ personal devices. This allows companies to separate out personal data and company ESI that needs to be stored. This is a trend emerging in BYOD – it prevents the accidental/automatic deletion of relevant data on the mobile device/tablet/personal computers and makes it easier to separate out and manage personal data from the employer’s data that must be stored. Additionally, containerization addresses employee privacy concerns and helps ensure that personal data is not inadvertently disclosed to a third party during litigation.
- BYOD and how courts have treated the issue of “possession, custody or control”: A discussion of how courts have treated BYOD in terms of whether companies must turn over the data on these devices and what is considered to be within the employer’s “possession, custody or control”.
- Best practices for what should be included in BYOD policies: All major stakeholders (legal, IT, HR, etc.) should participate in creating a policy. With the emergence of new technology that serves as a method for employees to conduct their work (e.g. the Apple watch), companies should be as specific as possible in detailing exactly what data the employee needs to preserve and on what devices that data might potentially be located on. Thus, BYOD policies likely need to be continually updated and tailored to respond to any new technologies.
- Challenges in collection of BYOD data: Companies must consider how to impose, enforce and document legal holds for mobile devices. In order to effectively implement holds, they need to know who is using mobile devices, what devices they are using and how. It is also critical to communicate to employees their mobile devices are subject to a litigation hold and to suspend any regular deletion of text messages and mobile data. Collection also presents a challenge. To conduct a collection of the data often requires access to the device itself which could be problematic in term of am employees’ privacy rights. Collection is also complicated by the fact that employees use a wide range of devices that change and upgrade constantly. There may be issues with “jail-breaking” the device or getting access to the data itself.
Who Should Attend:
- E-Discovery Attorneys
- Employment Lawyers
- Technology Lawyers
- Privacy Lawyers
- Information Technology Chiefs
- Senior Managers
- Human Resources Managers
Michelle Cook is a Sales Manager for IBM MaaS360. Michelle started her career with MaaS360 in 2009 and has spent the majority of her time in this position consulting with clients in highly regulated industries such as Healthcare, Finance, and Legal on best practices for increasing productivity while also maintaining security and end-user privacy on both employee-owned devices and corporate-provisioned devices. She currently manages a team who is responsible for supporting clients in the Commercial Industry such as Retail, Manufacturing, and Legal.
Michelle Cook is a Sales Manager for IBM MaaS360. Michelle started her career with MaaS360 in 2009 and has spent …
Jennifer H. Rearden is a partner in Gibson, Dunn & Crutcher’s New York office. She is Co-Chair of Gibson Dunn’s Electronic Discovery and Information Law Practice Group, and a member of the Litigation and Crisis Management Practice Groups. She also serves on Gibson Dunn’s Partnership Evaluation and Compensation Committees.
Ms. Rearden represents clients in complex business litigation, including securities fraud, hostile M&A, and disputes with states and municipalities, as well as internal investigations. She has argued before multiple federal and state courts and administrative bodies, and has tried cases to judges and juries. Ms. Rearden’s practice also frequently includes assisting clients in responding to high-profile events and evaluating legal risk, and counseling clients regarding crisis management planning and effective crisis response.
Jennifer H. Rearden is a partner in Gibson, Dunn & Crutcher’s New York office. She is Co-Chair of Gibson Dunn’s Electronic Discovery and Information Law …
Grace Nguyen concentrates her practice on employment law, professional liability, general civil litigation, and business litigation. She has substantial experience in all aspects of civil litigation from intake through final disposition and has represented clients in a wide range of employment matters. Ms. Nguyen also has experience in counseling corporate clients on employment related issues, including the preparation of employee handbooks, drafting of privacy and social media policies, and advisement on document retention policies. Ms. Nguyen is also an Adjunct Professor at Loyola Law School and the University of California, Irvine School of Law teaching courses in electronic discovery, which examine the technical and legal aspects of electronic discovery, including the preservation, review, collection, production and use of electronically stored information in litigation.
Grace Nguyen concentrates her practice on employment law, professional liability, general civil litigation, and business litigation. She has substantial experience …
Print and review course materials
Method of Presentation:
NASBA Field of Study:
Specialized Knowledge and Applications
NY Category of CLE Credit:
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About IBM MaaS360
IBM MaaS360 is the trusted enterprise mobility management solution to thousands of customers worldwide - from Fortune 500 companies to small businesses. We make working in a mobile world simple and safe by delivering comprehensive mobile security and management for applications, documents, email, and devices. Instantly web accessible, IBM MaaS360 is easy to use and maintain and provides the flexibility organizations need to fully embrace mobility in every aspect of their business. Backed by the most responsive support in the industry, we put customers first by providing them with the best user experience for IT and employees. To learn more go to www.ibm.com/maas360.
About Gibson, Dunn & Crutcher LLP
Gibson, Dunn & Crutcher is a premier, full-service international law firm and recognized leader in representing companies ranging from start-up ventures to multinational corporations across diverse industries from high-technology to manufacturing, financial institutions and other service companies to government entities. The firm advises its clients on some of today’s most complex, challenging, high-profile and transformative matters around the world, handling every aspect of litigation, crisis management, corporate transactions and counseling, corporate governance, regulatory law, antitrust law, business restructurings and reorganizations, tax, employment and labor law, intellectual property and real estate law, and many related practice areas.
Consistently achieving top rankings in industry surveys and major publications, Gibson Dunn is distinctively positioned in today’s global marketplace with more than 1,200 lawyers and 18 offices located in major cities throughout the United States, Europe, Asia, the Middle East and Latin America.
About Chapman, Glucksman, Dean, Roeb & Barger APC
Chapman, Glucksman, Dean, Roeb & Barger has become a multi-faceted law firm with offices in Los Angeles, Orange County, Sacramento and the Bay Area. Our AV rated firm has diverse practice groups consist of highly skilled, insightful, responsive and pragmatic lawyers who vigorously advocate our client’s interests, and secure economical, result-oriented and creative solutions to complex issues.