Image of cellular data

Hold My Phone: Part 1 – Preservation and Collection of Mobile Device Data

Why mobile data matters in litigation and investigations

Mobile devices, especially smartphones, have become home to all manner of data about what we do. That means they should be seen as a key potential source of potentially relevant electronically stored information.

Smartphones have become ubiquitous. We step through life with our mobile devices ever at our sides. According to a recent report from British communications regulator Ofcom, 71% of adults in the UK say they never turn their smartphones off and 78% say they could not live without them.[1]

The data on smartphones – personal and business – rapidly is becoming comprehensive. Smartphones can track who we communicate with, when, how, and about what. They can record where we have been, how we got there, how long we stayed there.  As our smartphones travel with us, they capture a breadth and depth of information about us that can be stunning. They are our telephones and our communicators (think email, text messages, Facebook posts, WhatsApp, and Slack, just to mention a few platforms we use through our smartphones).  They are our cameras, our navigations systems. They are home to our contacts, our boarding passes, our reminder lists, the performance histories of our stocks.

Mobile data – the data available from and via smartphones and other mobile devices – is discoverable: to begin with. There is no doubt whatever about that. Rule 34 of the Federal Rules of Civil Procedure, for example, is clear on that point. FRCP 34(a)(1)(A) states in part: “A party may serve on any other party a request … to produce and permit the requesting party or its representative to inspect, copy, text, or sample the following items in the responding party’s possession, custody, or control: … Any designated documents or electronically stored information … stored in any medium from which information can be obtained directly….”

We use our smartphones to personal ends, of course, but also for business reasons. Bring Your Own Device (BYOD) programs have become commonplace. According to one recent survey, 83% of responding enterprises rely entirely or in part on BYOD programs[2].

Data from personal mobile devices used as part of a BYOD program can be discoverable. Notably, in May 2018 a leading commentator on e-discovery policy, The Sedona Conference, published a set of five principles related to the use of BYOD programs.[3] Principle 3 recognizes that mobile data can be discoverable. It states: “Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.” At the same time, Principle 5 tries to set some boundaries: “Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.”

Preservation and collection challenges

When preserving mobile data, several technical and logistical challenges need to be addressed to ensure a defensible approach that minimizes disruption to the business and individual custodians.  One challenge of preserving mobile data is there is little option for preservation without collection.  Companies typically do not log information such as text messages, chat conversations, and call records on a central server.  The only way to preserve information stored locally on the device is to collect the data from each individual phone to prevent spoliation.

With most companies employing a BYOD model, any selected group of custodians often has a variety of different makes and models of smartphones.  The type of phone, operating system version, and custodial data management practices all affect the preservation approach; a single method may not work for all those custodians.  Sometimes, cloud-based backups of mobile data contain all the necessary information.  These backups generally can be collected remotely with minimal interruption to the custodian.  For other smartphones, the only option is a physical collection, which means the custodian may not be able to use the device for a couple of hours or more, depending on the volume of data on the phone.  All of these factors need to be considered when making a collection plan.

The question of exactly what data to preserve also will inform your collection plan.  You will need to decide whether the issues in the case necessitate a full collection of information or whether a targeted collection of information is sufficient.  It’s important to keep in mind that when custodians are using their personal devices for work, they will certainly have private information, such as personal photos, texts/chats with family and friends, GPS/location history, personal health information, and other data that usually is not relevant to the issues of a case and may be protected under privacy laws.  Depending on the location or nationality of a custodian, there may be statutes that require a targeted approach that avoids over-collection of personal information.  Even without such legal protections, custodians may be reluctant to allow their sensitive personal information to be collected.

Once you have determined what information needs to be collected, you may face technical challenges to retrieving that data.  A growing number applications support encrypted messaging, which can be particularly difficult to collect.  Multiple programs can be used to collect mobile device data. While most gather substantially the same data, the specific information needed from the device may dictate the tool that is used for the collection.  Additionally, operating system updates may render collection software incompatible or less effective.  Development updates by device manufacturers are a moving target for creators of mobile data collection software.

Finally, you need to think about ongoing preservation obligations.  For example, if custodians upgrades their devices while on legal hold, what do you need to do with the old devices?  Should they be physically retained or were the initial data collections sufficient?  Also, if there is a need to conduct refresh collections, you will need to remember any technical or logistical challenges that occurred in the past, as you may confront those same issues again.

Conclusion

When managing a case involving mobile device data, it is best to engage a technology advisor who can discuss the different options for preserving and collecting this challenging data type.  The preservation and collection approach will vary from case to case, and changes in technology will require evolving solutions and tools to meet preservation and collection obligations.

Of course, mobile device data presents challenges beyond preservation and collection.  Managing the review and production of this data is more complex than traditional ESI sources.  In our next post, we will be discussing review and production considerations for mobile data.

________________________________________________________________________________________________

[1] A decade of digital dependency (Aug. 2, 2018), https://www.ofcom.org.uk/about-ofcom/latest/features-and-news/decade-of-digital-dependency

[2] Eric McCarty, The State of Enterprise Mobility in 2018: Five Key Trends (June 6, 2018), https://insights.samsung.com/2018/06/06/the-state-of-enterprise-mobility-in-2018-five-key-trends/. Seventeen of enterprises provide mobile phone to all employees (no BYOD there); 31% provide no mobile devices to their employees, relying entirely on employees to use their own devices; and 52% use hybrid approaches.

[3] For detailed discussion on BYOD legal issues, see The Sedona Conference Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations, 19 Sedona Conf. J. 495 (2018).

About the Author

George Socha on Email
George Socha
An award-winning attorney, expert witness, and consultant and co-founder of EDRM, George Socha has worked with corporate, law firm,governmental,and service and software provider clients on e-discovery and litigation support challenges and opportunities for over three decades.As a practicing lawyer, an independent consultant, and at a large service provider, he has been active in just about every aspect of e-discovery: directing activities from early identification of potentially pertinent ESI through analyses of produced materials; designing and supervising implementation of TAR and other protocols; presenting content at depositions,hearings,arbitrations, and trials; and testifying on issues ranging from spoliation to pricing to state of the practice.From 2003 to 2009, George and Tom Gelbmann conducted the Socha-Gelbmann Electronic Discovery Survey. In 2005, they founded EDRM, which creates practical global resources to improve e-discovery, privacy, security,and information governance.
Martha Louks on Email
Martha Louks
Director of Technology Services at McDermott Will & Emery LLP
Martha Louks focuses on implementing high-value, efficiency-driven solutions that improve the delivery of legal services for clients. Martha collaborates with legal teams to develop technology and workflow approaches that align with case strategy, reduce costs and improve efficiency. Martha has extensive experience developing defensible processes that center on the tailored use of technology and experienced professionals to achieve results for our clients. She evaluates the efficacy of a wide range of technologies to determine which tools are best suited to a matter’s unique needs. Martha also oversees technology and provides consulting services for McDermott Discovery. She prepares discovery preservation plans capable of withstanding intense scrutiny while simultaneously addressing the flexibility necessary for clients to meet their business obligations. She advises on electronic evidence considerations, working closely with legal teams to incorporate the results of forensic investigation into legal analysis. Martha is also highly skilled in using artificial intelligence for Technology Assisted Review and investigations, consulting on the defensibility and effectiveness of varied workflow approaches. Martha is a Certified Relativity Expert, having three concurrent certifications: Relativity Certified Administrator, Relativity Analytics Specialist and Relativity Assisted Review Specialist.