“The Defendant did not produce any text messages. Their argument was their employee text messages were outside of their possession or control, because they did not issue their employees cell phones. Elkharwily, at *9-10. The Court agreed and denied the motion to compel.
This raises the question that if the Defendants knew their employees were texting as a standard business practice, does that create “control”? Discovery would become highly problematic if employers tried using BYOD as a shield to discovery requests by refusing to issue company devices. Moreover, if employees were using personal devices for work, the Plaintiff could propound discovery on the individual parties in the case. This would switch the production costs to the individual defendants and third-parties.”
I’ll be honest, as much as I see the technical benefits of BYOD policies, this is the thing that scares me to death about them as a privacy advocate. When I use my phone to email, or text, about work, how much of my device becomes discoverable in the context of litigation? I’m not a lawyer, and I don’t have an answer to that question, but I’m also not sure that many lawyers do either.
Yes, in theory, only the data that is work-related should be, but that line between work and personal is almost non-existent in reality. Does a text message between coworkers where they talk about traveling to a location for work, and what they will do after hours count as work-related, or personal? Should an organization be expected to know about those messages, and include them when planning for discovery? Who can define what they should and shouldn’t know?
And, finally, once I have to turn over my phone to my employer in order for them to gather responsive data, who really thinks other information won’t be captured? Who would have access to that?
That’s what the policies are for, but frankly, I don’t suspect many organizations have really given a lot of thought to what will happen in a real world situation.