Quantcast
Channel: Technology for HR » personal devices
Viewing all articles
Browse latest Browse all 7

Prepare for e-discovery of data on employees’ personal devices

$
0
0

by Elijah Yip

Suppose an e-mail from your company’s in-house attorney instructs you to preserve all documents related to an ex-employee who is threatening to sue the company for wrongful termination. In the days before smartphones and cloud storage, that would have been a relatively limited exercise: Paper documents would be set aside, and files on the company server would be backed up. But work-related data can be stored in many places today, including on employees’ personal devices. Are you required to preserve such data?  

A close call?

Costco Wholesale recently faced that issue in an employment discrimination and retaliation lawsuit. During discovery (the pretrial exchange of evidence), the employee asked Costco to produce text messages from the personal cell phones of two coworkers who mentioned him or his allegations. Costco objected on the grounds that the discovery request required it to invade the privacy of its employees, and there was no indication that they sent inappropriate text messages or used their personal phones for work purposes. The court denied the employee’s request, determining that Costco didn’t have possession, custody, or control of the text messages. Cotton v. Costco Wholesale Corp., 2013 WL 3819974 (D. Kan., July 24, 2013).

Although the court ruled that the employer had no duty to produce information stored on its employees’ personal devices, the outcome might have been different if the facts were changed even slightly. Moreover, courts in other jurisdictions might have taken a contrary approach.

There’s an APPS for that

The law in this area is far from clear, but following the guidelines below will help employers address e-discovery issues in policies applicable to personal electronic devices. An easy way to remember the guidelines is to think of the acronym “APPS.” Follow the APPS guidelines to avoid getting caught off guard by e-discovery requests:

  • Access: Reserve the right to access personal devices that store work-related data. Access is crucial if the company is legally required to collect and produce data from an employee’s personal devices.
  • Permission: Clearly specify which personal devices, if any, employees are authorized to use for work-related purposes. Consider keeping a log of authorized personal devices and require employees to update the log whenever they start using a new authorized device or retire an existing one. Your company’s document retention policy should extend to authorized devices.
  • Privacy: Notify employees that they should have no expectation of privacy with regard to data stored on a personal device if they use the device for work purposes. That prevents your company from being liable for invasion of privacy if you need to search the contents of an employee’s personal device to respond to a discovery request.
  • Segregation: If possible, segregate work-related content on personal devices from personal content. Segregation can be implemented with software solutions, but if that isn’t feasible, at a minimum, instruct and train employees who use a personal device for work how to keep their personal information separate from the work data stored on the device. For example, you should prohibit employees from saving work- related data in a personal cloud storage account.

Elijah Yip is a partner with Cades Schutte LLP in Honolulu and chair of its digital media and Internet law practice group. He is a frequent contributor to Hawaii Employment Law Letter and author of the blog LegalTXTS blog. He may be contacted at eyip@cades.com.


Viewing all articles
Browse latest Browse all 7

Trending Articles