Alarm goes off late, one of the kids cannot find their backpack for school, the dogs still need to be fed, and you have a meeting in less than 1 hour. Good morning chaos! You grab the car keys off the table and manage to get out the door in record time with everyone fed and intact. You are finally on the road when you realize your car is running on empty.  You quickly drop off the kids at school and rush to the gas station to fill up just enough so that you are not running on fumes and can make it to your meeting on time. Sitting at the gas station, you reach for your phone to check email and make sure all is still set for the meeting. Where is it? Every pocket searched, work bag rummaged through at least twice, and console checked, but it is nowhere! Then it hits you. It is on the table right where your keys were, AT HOME! As late and as stressed as you already are, you turn back home to get it.

Why is it that we cannot get through the day without our mobile devices? Checking email, managing calendars, making calls, reading the news, checking on webcams to make sure all is well at home after school, face timing, and picture taking. You name it, we do it all day on our phones. However, in the legal arena during discovery, these little devices can be one BIG headache.

So many employees use their mobile device for work, whether all uses are approved or not. Folks text their coworkers and/or bosses about projects, urgent work matters, or various other work-related issues. Emails often are sent back and forth all day and night about the same related issues. Use of work email and personal emails may be intertwined. Social media may be used for various work functions. And, as you already know, you can do most anything else on your mobile device.

In almost every litigation matter one or both sides are now asking to see content from mobile devices for any given named deponent and/or group of employees in the suit, and they want to see anything and everything they can get their hands on. Those pesky text messages and archived social network data are challenging to gather, and most companies have no policy in place surrounding them, except for the disclaimer that you should not use them for work purposes. The same issues apply around personal email accounts or other non-company approved applications, and realistically not many people adhere to those rules either. 

So when you are faced with litigation discovery and the other side wants the content of the devices, what do you do?  Without the user’s physical asset and passwords it is close to impossible to extract anything unique from a mobile device. The truth is that IT does not have that much magic up their sleeve. It is hard to tell whether the user is using personal email on the device for work purposes or just their work email. IT can confirm if a work email account connects to servers at the company, but what about the personal accounts? An employer cannot get to those without complex technology implementations or the willing cooperation of the employee to provide access and most of the time the employees in question have left the company by the time you need to collect their data. 

There are companies that can run forensic sweeps, try to crack passwords, and attempt to gather and/or collect information from devices, but they are not going to get much, if anything at all. Just look at the current battle between Apple and the Department of Justice over the device of the San Bernardino gunman. Point taken?  

What to do? Best practices vary greatly, but here is a start:

  • Where appropriate, utilize mobile device management and similar applications. When adopting, start with a reporting first (“what is going on?”) mentality before working to safeguard and collect from personal devices.
  • Create clear and concise company/department policies and related procedures surrounding mobile devices and their approved uses.
  • Develop clearly written guidelines that are routinely distributed to all employees and routinely reinforced. Ongoing communications will be your best defense to keep employees from using the devices for anything other than approved uses and will help aid your team when those requests come in and you have to provide discovery responses to the other side as well. 

Mobile devices are a blessing for companies as they allow greater employee productivity, constant connection with employees, and remote accessibility for employees; however, could they also be a curse?