Clear policies are a must when employees take control of mobile devices
The use of mobile devices in the workplace is an ever-evolving practice. When organizations first started taking advantage of increasing mobile technology, particularly cellphones and laptops, most implemented “company owned, personally enabled” (COPE) policies. The mobile device remained the property of the organization, and the employee used it primarily for work-related tasks. With COPE, the type and scope of mobile devices is restricted, affording the organization the ability to fully understand the technology of a limited number of devices, thus providing them with predictability when the data stored on those devices becomes discoverable.
However, as mobile technology has become more accessible, COPE has become increasingly difficult to enforce. As lines have gradually blurred between work-related and personal use of mobile devices, some organizations have transitioned to “bring your own device” (BYOD) policies. BYOD provides a different kind of predictability than COPE because employers can be better assured that their employees’ work product is contained in one device. With COPE, employees often use two devices, one professional and one personal, but they don’t always draw a strict line between the two. This can make it difficult for employers to pinpoint discoverable data when the need arises. Some additional advantages of BYOD include the cost savings associated with employee purchase of the device and increased efficiency as employees have proven to work more effectively on the devices of their choosing. Nonetheless, with these advantages come certain e-discovery complexities that organizations should address at the outset when creating or switching to a BYOD policy.
Below are some important questions to address in a BYOD framework so that an organization can act defensibly to identify, preserve and collect data from its employees’ mobile devices:
- The Who and the What: Who is using mobile devices to create work product and what devices do they use?
- The How: Does our IT department understand how the mobile device technology works?
- The Where: Where is the relevant data located?
- The Why: Why did the employee use this device?