I have a question about this part of the article. Since I’m not a lawyer, I don’t know the answer to this. First, the pull quote:
Larger businesses are more likely to have IT departments with savvy administrators that are able to lock down private channels to prevent abuse, but many smaller companies may be unaware of the problem, Wilson said. “This is so new that not many people know how to control it.”
This means such apps can be generating huge streams of data that may be completely unknown to employers, which makes the prospect of discovery hard. Some apps use the cloud, and data is stored on remote servers not owned by the company, instead of on a local computer hard drive, “so the data isn’t even in the employer’s control,” Halliburton noted.
Now the question. If the data is not in the employers control, can it really be responsible for it in eDisovery? Let me give you an example. When I worked at Nuix, I worked remotely. My coworkers and I communicated through Skype, text messages, and a variety of ways that had nothing at all to do with official Nuix channels. We also sometimes used company-owned channels, like email, or Google apps for business. The company didn’t even issue us phones to use.
So if I texted a coworker, using my phone that I own, to her phone that she owned, how is that an eDiscovery challenge for Nuix? I mean, sure, it’s a challenge in the sense that they have no way to get that data, but should they be able to get that data? Should they be expected to get that data?
If I wanted to make an harassment claim based on that data, wouldn’t I be the one responsible for securing it? Wouldn’t that actually be easy to do from my end since I was on the receiving end of it?
If you wanted that data to prove something else, you’d need a subpoena wouldn’t you? After all I’m using a device owned by me, and a communication tool owned by the phone company, or Microsoft. Technically speaking, it’s not your data. It was not actually workplace communication, it was outside of the workplace communication.
In essence, why should a company expect to be able to claim “ediscovery” over data it doesn’t control, and receive it because they say so? I don’t believe a company should be able to do that unless there’s a court order involved.
But maybe we’ve defined work-related to mean anything that is communicated between two people who work together. That seems dangerous.