Photo (cc) by Keith Allison
However you feel about Tom Brady, the Patriots, and football air pressure, today is a learning moment about cellphones and evidence. If you think the NFL had no business demanding the quarterback’s personal cellphone — and by extension, that your company has no business demanding to see your cellphone — you’re probably wrong. In fact, your company may very well find itself legally obligated to take data from your personal cellphone.
Welcome to the wacky world of BYOD — bring your own device. The intermingling of personal and work data on devices has created a legal mess for corporations that won’t soon be cleared up. BYOD is a really big deal: Nearly three-quarters of all companies now allow workers to connect with personal devices, or plan to soon. For now, you should presume that if you use a personal computer or cellphone to access company files or email, that gadget may very well be subject to discovery requirements.
First, let’s get this out of the way: Anyone who thinks Tom Brady’s alleged destruction of his personal cellphone represents obstruction of justice is falling for the NFL’s misdirection play. That news was obviously leaked on purpose to make folks think Brady is a bad guy. (And I’m a Giants fan with a fan’s dislike of the Patriots).
But Brady couldn’t be dumb enough to think destruction of a handset was tantamount to destruction of text message evidence. That’s not how things work in the connected world. The messages continue to exist on the recipients’ phones and in some cases on the carriers’ servers, easily accessible with a court order.
But back to the main point: I’ve heard folks say that the NFL had no right to ask Brady to turn over his personal cellphone. “Right” is a vague term here, because we are still really talking about an employment dispute, and I don’t know all the terms of NFL players’ employment contracts. But here’s what you need to know:
There’s a pretty well-established set of court rulings that hold that employers facing a civil or criminal case must produce data on employees’ personal computers and gadgets if the employer has good reason to believe there might be relevant work data on them.
Practically speaking, that can mean taking a phone or a computer away from a worker and making an image of it to preserve any evidence that might possible exist. That doesn’t give the employer carte blanche to examine everything on the phone, but it does create pretty wide latitude to examine anything that might be relevant to a case. For example, in a workplace discrimination case, lawyers might examine (and surrender) text messages, photos, websites visited, and so on.
It’s not a right; it’s a duty. In fact, when I first examined this issue two years ago, Michael R. Overly, a technology law expert in Los Angeles, told me he knew of a case where a company was actually sanctioned by a court for failing to search personal devices during discovery.
“People’s lives revolve around their phone, and they are going to become more and more of a target in litigation,” Overly said then. “Employees really do need to understand that.”
There is really only one way to avoid this perilous state of affairs — use two cellphones, and never mix business with personal. Even that is a challenge, as the temptation to check work email with a personal phone is great, particularly when cellphone batteries die so frequently.
The moral of the story: The definition of “personal” is shrinking all the time, even if you don’t believe Tom Brady shrank those footballs.
For further reading: here’s a nice summary of case law in PDF form.
What’s your take on the privacy of data on cellphones and other devices used partly for work? Share your comments below or on our Facebook page.