Inventus Blog

Inventus is a leading global discovery management practice, focused on reducing litigation costs through a suite of bundled, best-of-breed technologies.

BYOD: The E-discovery Implications of a “Bring Your Own Device” Policy in the Workplace

Posted 08/5/16 7:29 PM by Inventus

The use of mobile devices in the workplace is an ever-evolving practice.  When organizations first started taking advantage of increasing mobile technology, particularly cell phones and laptops, most implemented “Company Owned, Personally Enabled” (“COPE”) policies.  The mobile device remained the property of the organization, and the employee used it primarily for work-related tasks.  With COPE, the type and scope of mobile devices can be restricted, affording the organization the ability to fully understand the technology of a limited number of devices and thus providing them with predictability when the data stored on those devices becomes discoverable.  

However, as mobile technology has become more accessible, COPE has become increasingly difficult to enforce.  As lines have gradually blurred between work-related and personal use of mobile devices, some organizations have transitioned to “Bring Your Own Device” (BYOD) policies.   BYOD provides a different kind of predictability from COPE because employers can be better assured that their employees’ work product is contained in one device.  With COPE, employees often use two devices, one professional and one personal, but they don’t always draw a strict line between the two.  This can make it difficult for employers to pinpoint discoverable data when the need arises.  Some additional advantages of BYOD include cost savings associated with employee purchase of the device and increased efficiency as employees have proven to work more effectively on the devices of their choosing.  Nonetheless, with these advantages come certain e-discovery complexities that organizations should address at the outset of creating or switching to a BYOD policy.

Below are some important questions to address in a BYOD framework so that an organization can act defensibly to identify, preserve, and collect data from its employees’ mobile devices:

  • The Who and the What: Who is using mobile devices to create work product and what devices do they use?

It’s critical to maintain a detailed inventory of all employees who use their mobile devices to create work product, as well as what type of devices they use.  When the need for a litigation hold arises, organizations need to be able to act quickly to ensure all relevant individuals and devices can be easily identified so as to defensibly preserve important data.  

  • The How:  Does our IT department understand how the mobile device technology works?

With BYOD, IT departments have the complex task of understanding the nuances of many types of devices due to varying employee preferences and the myriad of devices and platforms from which they can choose.  From Galaxies to iPhones, and tablets to laptops, possessing a strong understanding of the associated technology used by each platform and type of device is critical to ensure that the correct data is identified and collected.  

  • The Where:  Where is the relevant data located?

The risk of BYOD is that it puts the device largely under the control of the employee, and thus data may be destroyed that would have otherwise been maintained by an official document retention program.  To avoid data deletion and costly collections, it’s important to understand if the data is also stored on the company servers, on the cloud, or only on the device.   It’s a good precaution to have employees back up their mobile devices onto the organizational network.  

  • The Why:  Why did the employee use this device?

Understanding what each employee uses their devices for can cull down the time and cost associated with identifying any relevant content.  However, because these mobile devices will also be used for personal reasons, it’s important to avoid violating employees’ privacy by exposing their private content.  

Whether an organization prefers COPE, BYOD or a hybrid of the two, the best protection from e-discovery complications is to implement an effective and practiced mobile device policy – one that is detailed, documented, and well- communicated so that employees follow the safeguards necessary to maintain the integrity of discoverable data.  

New Call-to-action


About The Author

Inventus is a leading international eDisclosure management provider focused on helping clients reduce the costs and risks associated with the disclosure process through the effective use of technology solutions. Its Luminosity technology provides an overlay to industry-standard software to provide unique analysis and insights, creating a more strategic, lasting relationship with its 1,200 clients. Since 1991, Inventus has been providing litigation support services to corporate legal departments, law firms and government agencies. Inventus is an international company with operational headquarters in downtown Chicago. More information is available at


Reduce overall cost and risk of your entire legal process
Learn More