Hey Compliance Warriors!
As we know a lot of employers provide their employees with a “work phone” or more commonly these days, pay part of their personal phone bill to be able to use their phone for work. That begs the question though… What are your responsibilities as the employer in keeping data records. Here’s some great information regarding this. Read on…
Article via: lexology.com
“With the proliferation and technological advances of cellular phones, the role of these devices in the workplace has evolved at a rapid pace. While five years ago it was common for employers to provide employees with a “work phone,” now many companies instead offer to pay part or all of their employees’ data plans, leaving the employees to buy personal phones that can be used for work (otherwise known as “Bring Your Own Device” or “BYOD”).
A question arises, however, as to whether or not an employee’s personal device is subject to subpoenas and litigation holds directed to his or her employer. Can a subpoena issued from the government naming the employer and requesting all electronically stored information (“ESI”) concerning a subject matter reach the work-related contents of an employee’s personal cellular phone? Is an employee’s personal cellular phone subject to a litigation hold so that the employee must continuously backup (and not delete) data on his or her phone in case it could be related to reasonably foreseeable litigation? Practically speaking, this issue mainly arises with text messages and voicemails because it is likely that if an employee’s personal cellular phone is linked to his or her employer’s email server, the employer’s backup protocol retains those emails without the need of a separate backup of the phone. Employees in today’s world typically have only personally owned cellular phones and use, if not depend on, those devices to conduct business. Courts are split on whether or not text messages, voicemails,and other data stored on employee-owned devices that are used for company business are within the “control” of the company such that the work-related data on employees’ personal phones are subject to litigation holds or subpoenas.
In one case, for example, the plaintiff moved to compel discovery and for sanctions arguing that her former employer, a school district, failed to preserve ESI and to issue a litigation hold to certain “key players.”1 The court granted the motion in part, holding that the employer was obligated to preserve work-related ESI on employees’ personal devices and stating “to the extent that the School District employees had documents related to this matter, the information should have been preserved on whatever devices contained the information (e.g., laptops, cellphones, and any personal digital devices capable of ESI storage).”2
Another court in a multidistrict litigation took a very hard stance on the obligation of employers to preserve and to produce data on employees’ personal devices. The court granted the Plaintiffs’ Steering Committee’s (PSC) motion for sanctions for various discovery abuses, including for the defendants’ failure to preserve and produce text messages stored on employees’ personally owned cellular phones.3 The defendants provided several excuses for their shortcomings, including claiming they were not initially aware that employees used texting for business, and pointing to a company policy prohibiting substantive text messaging with customers.4 The court found that the defendants were obliged to preserve and to produce all text messages related to the litigation, whether on company-owned or personally owned phones, because “[t]he litigation hold and the requirement to produce relevant text messages, without question, applies to that space on employees cell phones dedicated to the business which is relevant to this litigation.”5 The court also demanded that “[a]ny employee who refuses … to turn over his or her phone for the examination of the relevant space on that phone will be subject to a show cause order of this Court to appear personally in order to demonstrate why he or she should not be held in contempt of Court.”6
As another example, a court, in response to a defendant’s motion to compel ESI of a plaintiff’s employees, directed, among other things, that the plaintiff interview certain named custodian employees to determine whether they used personal mobile devices to send or receive text messages relating to the defendant’s counterclaim and ordered the production of all relevant texts.7 The court noted, however, that “[c]ounsel for the parties shall meet and confer regarding an appropriate search protocol to protect the privacy interests of [the] employees.”8
Other courts have taken a contrary view, holding that employers do not have possession, custody or control over personally owned phones and, therefore, are not obligated to preserve data stored on such devices. For example, a court denied a plaintiff’s request for text messages sent or received by two of his former co-employees, explaining that “[d]ocuments are deemed to be within the possession, custody, or control if the party has actual possession, custody, or control or has the legal right to obtain the documents on demand.”9 Because the plaintiff did not contend that the employer issued the cellular phones to the employees, that the employees used the cellular phones for any work-related purposes, or that the employer had a legal right to obtain the text messages, “it appear[ed] to the court that [the employer] does not likely have within its possession, custody, or control text messages sent or received by these individuals on their personal cell phones.”10
Given the uncertainty of whether or not cellular phones and personal devices are subject to subpoenas and litigation holds, the best steps for an employer to take now to avoid struggling with these issues in the future is to implement a personal device policy whereby employees cannot send texts or make phone calls for company business on their personal devices. While a court may not accept that type of a policy as a shield against discovery demands, it may provide the employer with more solid ground in objecting to a request to retrieve data stored on its employees’ personal devices.”
For more information: https://www.lexology.com/library/detail.aspx?g=c090046f-6c8c-4b5d-a6dd-fa56fc073e95&utm_source=lexology+daily+newsfeed&utm_medium=html+email+-+body+-+general+section&utm_campaign=lexology+subscriber+daily+feed&utm_content=lexology+daily+newsfeed+2019-02-28&utm_term=
Until Next Time, Be Audit-Secure!
Lisa Smith
