The impact of BYOD on e-disclosure

The increase in the number of employers permitting and even encouraging employees to use their own personal electronic devices for work purposes, which has become known as “bring your own device” to work (BYOD), has far reaching impacts.

The well-reported positives to be gained from such practices are that they can:

greatly assist mobility of the workforce and flexible working patterns;
result in a decreased cost to employers in respect of the ownership of hardware;, and
when well-received by employees, should lead to increased employee satisfaction and productivity.

The impact of e-disclosure

One issue which employers should consider before allowing BYOD is whether they have the right to access documents stored on their employees’ and ex-employees’ personal electronic devices. In particular, this could cause problems if the employer is embroiled in any subsequent litigation. Discovery and disclosure exercises may well extend to information stored on electronic devices owned by employees which are used for business purposes.

The basics of electronic disclosure, or e-disclosure, are the same as ordinary disclosure. A party to litigation is obliged under the Civil Procedure Rules 1998 to disclose any documents which are or have been in its control and upon which it intends to rely, which adversely affect its case, which adversely affect another party’s case or which support another party’s case.

“Documents” can be “anything in which information of any description is recorded“. Reflecting the fact that most business is now transacted and recorded electronically, there is a specific Practice Direction under the Civil Procedure Rules. This provides detailed guidance on e-disclosure and makes clear that documents include electronic documents, computer records, program and system files, e-mails, text messages, databases, spreadsheets, videos, voicemails and audio files.

The definition of a document also extends to material which is not readily accessible. This could include electronic documents stored on servers and back-up systems, electronic documents which have been deleted but are still retrievable with appropriate software and information stored and associated with electronic documents, known as metadata.

Whether a document is within a party’s control will depend on whether that party:

has had past or present physical possession of the document;
has a right to possession of the document; or
has a right (based on statute, contract or the legal relationship between the parties) to inspect or take copies of the document.

A court may infer that the legal relationship between an employer and its employees is sufficient for the employer to have the right to possession of any work-related documents which their employees have stored on personal electronic devices. It will always be preferable, however, for employers to have this right expressly documented in an agreement with its employees, so that they are able to enforce its terms more easily.

Clearly, such wide ranging obligations could seem never-ending for a party to litigation now that many companies have complex IT systems and employees use a range of personal devices in their work. However, parties are only obliged to conduct a “reasonable search” for documents. What is reasonable will depend on the number of documents involved, the nature and complexity of the proceedings, the ease and expense of retrieval of any particular document and the significance of any document which is likely to be located during the search.

When considering the retrieval of electronic documents, issues to consider include:

their accessibility on servers or back up systems or in other sources;
the location of relevant documents;
the likelihood of locating relevant data as a result of a search;
the cost of recovering, disclosing and providing inspection of any relevant electronic documents; and
the likelihood that electronic documents will be materially altered in the course of recovery, disclosure or inspection.

Parties to litigation should consider early on in proceedings whether any third parties may hold documents which might help their case or damage another party’s case. This could extend to documents and data held by employees and ex-employees on their personal devices. If it is identified that third parties may hold data and those documents are not forthcoming following a request, it is possible to apply to the court for an order for disclosure against that party, known as a non-party disclosure order. However, it should be borne in mind that the court has a discretion whether or not to grant such an order and will consider the cost implications for both parties.

Addressing potential issues

In many cases, even if an employer does not have a specific BYOD policy in place, employees are likely to be willing to cooperate with any request by their employee for them to provide relevant information. However, problems are more likely to arise in this regard after an employee has left the company (either in adverse circumstances or on good terms but where they later cannot be easily traced).

In relation to ex-employees who have moved abroad, employers would need to consider what is a “reasonable search”. If the employee’s role was peripheral in the dispute and most of their documents have already been backed up on the work servers then asking them to hand over all their personal devices for a more forensic search is probably unreasonable. This might be different if the employee is a vital witness whose documents, metadata and deleted documents which are not backed up elsewhere are key to the case and/or some information, for example calendar or voicemails, is only available on the device itself.

To assist with the above issues and ensure that an employer can comply with their obligations to conduct a reasonable search for documents and limit the time and expense that this could involve, employers should ensure they have an information governance strategy in place. A vital part of such a strategy should include a written BYOD policy which is agreed by any employees. Ideally, such a policy should:

detail security measures and backup requirements;
set out a clear understanding of the ownership of information relating to the company; and
include a strict requirement for the employees to deliver up their devices upon request either at the end of their useful lives or at the end of their employment. This will allow the employer to take back ups of the necessary information and ensure all sensitive company information is fully deleted.

At any point in time, if litigation is contemplated, employers must preserve disclosable documents. Therefore, regular deletions of documents should not take place during this time and employees should be encouraged to ensure all of their documents are regularly backed up on the main server. Having an IT platform in place which can be easily accessed by a range of devices can help facilitate the swift and regular back up of information. Ideally, the BYOD policy should include an obligation on employees to back up their documents regularly in any event.

Since the introduction of e-disclosure, case law in this area has increased and companies have been subject to costs awards for failures to comply with their legal obligations. This should act as a warning to employers who think that they can ignore this issue, as it can only be a matter of time before the courts specifically focus on employers’ obligations to disclose information stored on their employees’ personal devices. Employers should ensure that these issues are properly considered and addressed when they are implementing BYOD policies.

Author

Nicola McMahon, Solicitor

Charles Russell LLP

2 Comments

Nigel Heyes on Tuesday, June 26, 2012 at 3:48 pm

It should be plane as day that any document produced by an employer or document produced by an employee for his employer on the employees electronic device is the technical property of the employer. If that employee stops working for the company the employer has the right to request that the former employee removes all such technical property from the device.
It would be a legal minefield to inforce.
Andy Lake on Friday, July 6, 2012 at 3:36 pm

Good practice in smart/flexible/mobile working is to retain all data centrally. In BYOD situations, there should not be any local copies of company information.

The article talks about ‘backup’ on a central server, but this is actually the wrong way round. Local copies will be the rare exception.

So my feeling is that this danger can be somewhat exaggerated.

It reminds me of reading advice from lawyers worried about litigation back in the mid-1990s that staff should not be allowed to send emails without them being signed off by a manager …

News

HR News

Future of Work News

Equality, Diversity and Inclusion News

Employment Law

Wellbeing, Health & Safety News

Reward, Pay and Benefits News

Recruitment News

Learning and Development

Analysis

HR Opinion and Advice

Future of Work

Equality, Diversity & Inclusion

Employment Law

Wellbeing, Health & Safety

Reward, Pay and Benefits

Recruitment

Learning and Development

Resources

Live Trainer Workshops

On Demand Courses

HR in Review Premium Podcast

HR in Review Podcast Regular Episodes

Inside HR Webinars

White Papers

Suppliers & Services

Contact

Contact us

About Us

Newsletters

Advertiser Enquiries

Write for Us

The impact of BYOD on e-disclosure

2 Comments

Leave a reply

Train Your Team

Recent Comments on Stories