by Elijah Yip
One of the dramatic revelations in the Deflategate saga was that Tom Brady had his cell phone destroyed shortly before meeting with the NFL’s investigators. According to the NFL’s written decision suspending Brady, he knew the investigators wanted access to text messages on the phone he had when the AFC Championship was played. Even so, he instructed his assistant to dispose of the phone—just four months after he started to use it. The dubious circumstances surrounding the disappearance of the phone greatly hurt Brady’s credibility in NFL Commissioner Roger Goodell’s eyes and was instrumental in Goodell’s eventual decision to discipline him. 
There are HR lessons to be learned from this story. An employee’s mobile device can contain information you need for an investigation or a lawsuit. So what can you do to get access to the device or the data on it now that employees frequently use their personal devices for work?
BYOD policy, litigation hold
Adopting a “bring your own device” (BYOD) work policy is a good start. At a minimum, a BYOD policy should reserve the company’s right to access any electronic device an employee uses for work, even if the employee owns it. The policy should also state up front that employees have no expectation of privacy for data stored on their personal devices—that’s the tradeoff for letting them connect to the company network.
After establishing the ability to take possession of employee-owned devices, think through the steps for preserving data on them before it’s too late. One measure is to issue a “litigation hold” instructing employees not to destroy a device or delete data from it. Be specific about the kinds of data they need to preserve. A crucial element of a litigation hold is an instruction to suspend routine purging of data or equipment—much like Brady’s practice of destroying his old phone whenever he got a new one. The litigation hold should be issued as soon as you know a lawsuit or investigation is coming.
Next, determine the kind of electronic information you want. Preservation and extraction methods differ depending on the data. Text messages need to be preserved quickly because once they’re deleted off a phone or tablet, it’s difficult to find a copy of them elsewhere. As Brady learned when he tried accessing text messages on his missing phone through his wireless carrier, carriers don’t keep subscribers’ text messages on their servers for very long, and they typically delete the messages after delivery to the recipient. E-mails have a longer shelf life, especially if they’re stored in a Web-based account like Gmail or Yahoo or transmitted through company servers.
Be proactive and act quickly. Don’t let your hopes of securing the electronic evidence you need get deflated.
Elijah Yip is a partner with Cades Schutte LLP in Honolulu and chair of its digital media and Internet law practice group. He is a frequent contributor to Hawaii Employment Law Letter and author of the blog LegalTXTS blog. He may be contacted at eyip@cades.com.