A case out of Kansas last month confirmed that an employer is not in possession of an employee’s personal text messages for eDiscovery purposes. Although this case offers some protection for employee’s private conversations, it also creates some concerns for employers in the future.
In Cotton v. Costco, Mr. Cotton sued Costco for racial discrimination, and he sought a variety of eDiscovery. Interestingly, Mr. Cotton sought text messages from his manager’s personal cell phones.
In order to obtain electronically stored information, it must be within the opposing party’s “possession, custody, or control.” ESI is in a party’s control “if the party has actual possession, custody, or control or has the legal right to obtain the documents on demand.”
The court rejected Mr. Cotton’s request, reasoning that Costco did not have possession, custody, or control of text messages on employee’s personal cell phones:
Mr. Cotton does not contend that Costco issued the cell phones to these employees, that the employees used the cell phones for any work-related purpose, or that Costco otherwise has any legal right to obtain employee text messages on demand. Accordingly, it appears to the court that Costco does not likely have within its possession, custody, or control text messages sent or received by these individuals on their personal cell phones.
But the court’s reasoning raises some questions as to whether the result would be different if the employees used their cell phones for work-related purposes. As Jay Yurkiw at Technology Law Source suggests, employers who allow their employees to use their own devices for work could be responsible for the preservation and production of electronically stored information on the device—despite the fact that the device is also used for the employee’s personal use.
In order to mitigate this risk, commentators have suggested clearer policies on using your own device for work, software controls, and reserving the right to access the personal devices. (This week’s Inside and Out post addresses this too). But it is unclear whether these types of policies would actually make it more risky for companies because such policies might allow a court the find that the company has “possession, custody, or control” over the information in the devices.