eDiscovery Daily Blog

• November 4, 2021

Even before the pandemic started, working from home was on the rise. The trend allowed employees to be both productive and comfortable. Like any change, the transition to remote work was met with some skepticism. Many worried that limited in-person interaction would negatively impact work relations and company culture. Another concern was that employees wouldn’t get their work done at home. Though the research is mixed, several studies suggest that working from home greatly improves productivity. Amid the controversy, remote work skyrocketed as quarantine guidelines were set in the United States. This shift boosted the popularity of BYOD policies in the workplace. BYOD is shorthand for “bring your own device,” a practice in which businesses allow employees to conduct work activities on personal devices.

From both the employer and employee perspectives, BYOD policies come with a list of pros and cons. Employees typically enjoy the change, grateful that they don’t have to carry two phones everywhere. BYOD allows them to conveniently handle business and personal affairs from the same device. Through this system, an employee can work from anywhere at any time. From the employer’s standpoint, BYOD practices can be a money saver. Companies that supply and maintain work phones are expected to foot the bill. BYOD, however, eliminates those business expenditures.^[1] In terms of ediscovery, BYOD poses significant privacy and security concerns. Now more than ever, companies should reevaluate their BYOD policies, ensuring that sensitive data is well-protected.

Questions to Consider

Before drafting or revising BYOD policies, there are several questions that a company should ask itself. Below is a list of sample questions to get the ball rolling:

• Where do we draw the line between corporate and personal data?
• What data can we legally obtain and examine from personal devices?
• What types of data should we collect (texts, emails, videos)?
• What are the data privacy laws within this jurisdiction? How do we ensure that the policies adhere to these laws? ^[1]
• Does our BYOD program align with the 5 principles outlined in the 2018 Sedona Conference? Read our post to learn more: Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices

BYOD Recommendations

• Ask new employees about the BYOD policies at their former jobs. If the employee previously used their personal device for business matters, their device could still contain competitor data. Detecting and eliminating competitor data early on reduces the risk of lawsuits. ^[2]
• Pay particular attention to securing data from your legal department. Legal departments, specifically, are a popular target for hackers because they manage large amounts of sensitive information.
• Consider setting time limits on employee access to highly sensitive material.
• Consider an employee’s position in the company before allowing them to operate through a personal device. If their position requires consistent interaction with confidential information, it’s safer to supply them with a work phone. ^[3]
• Outline any software and applications that employees should not use.
• Establish protocols for litigation holds and employee departure. ^[1]

References

^[1] Russell Beets, “BYOD (Bring Your Own Device) Policies and Best Practices,” LitSmart E-Discovery, November 17, 2017.
^[2] Will Kelly, “BYOD and the danger of litigation” TechRepublic, November 3, 2015.
^[3] Frank Ready, “When Should Companies Refresh BYOD Policies? With COVID-19, It’s Now” Legaltech News, July 16, 2020.