Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices
Many organizations are permitting (or even encouraging) their employees to use their own personal devices to access, create, and manage company related information – a practice commonly referred to as Bring Your Own Device (BYOD). But, how can those organizations effectively manage those BYOD devices to meet their discovery obligations? To help with that issue, The Sedona Conference® (TSC) has published an initial Public Comment Version of a Commentary to help.
In late January, TSC and its Working Group 1 on Electronic Document Retention and Production (WG1) rolled out the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations. The Commentary is designed to help organizations develop and implement workable – and legally defensible – BYOD policies and practices. This Commentary also addresses how creating and storing an organization’s information on devices owned by employees impacts the organization’s discovery obligations. It focuses specifically to mobile devices that employees “bring” to the workplace (not on other “BYO” type programs) and does not specifically address programs where the employer provides the mobile device.
The Commentary begins with five principles related to the use of BYOD programs and continues with commentary for each. Here are the five principles:
- Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD.
- Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.
- Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.
- Principle 4: An organization’s BYOD policy and practices should minimize the storage of––and facilitate the preservation and collection of––unique, relevant ESI from BYOD devices.
- Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.
The Commentary weighs in at a tidy 40 page PDF file, which includes a couple of appendices. So, it’s a fairly light read, at least by TSC standards. :o)
TSC is encouraging public comment on the Commentary on BYOD, which can be downloaded free from their website here (whether you’re a TSC member or not). They encourage Working Group Series members and others to spread the word and share the link (you’re welcome!) so they can get comments in before the public comment period closes on March 26. Questions and comments may be sent to firstname.lastname@example.org. So, you have a chance to be heard!
Speaking of mobile devices, I’m excited to be speaking this year for the first time at the University of Florida Law E-Discovery Conference on March 29. I’m on a panel discussion in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, and with The Honorable Amanda Arnold Sansone, Magistrate Judge in Florida, moderating. As always, the conference will be conducted in Gainesville, FL (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET, with an all-star collection of speakers. I’ll have more to say about the conference as we get closer to it. Click here to register!
So, what do you think? Does your organization have a BYOD policy? Please share any comments you might have or if you’d like to know more about a particular topic.
Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.