The use and capability of mobile devices has increased exponentially over the past few years. There are nearly 7 billion mobile subscriptions worldwide, estimates The International Telecommunication Union. This is equivalent to 95.5 percent of the world population (1). Mobile devices are being utilized as a means of communication and as data stores in workplaces worldwide. As a result, mobile devices have become a popular topic within the eDiscovery market procreating unique challenges that span across the Electronic Discovery Reference Model (EDRM) (2).
BYOD and the Labyrinth of User-Created Data
The growing number and models of mobile devices and their associated Operating Systems (OS), as well as the increase of Bring Your Own Device (BYOD) policies in today’s workplace have added a layer of complexity with regards to the identification of user-created data. Potentially relevant user-created data from mobile devices can be found in several different locations including but not limited to embedded memory, Subscriber Identity Modules (SIM) cards, and removable storage.
File formats and third-party applications also present new identification challenges and can differ greatly from those associated with traditional Electronically Stored Information (ESI) data sources. Given the increased scope of functionality and the vast amount of third-party applications, additional considerations must be taken into account in order to identify what is or is not relevant user-created data.
4th Amendment and Data Preservation
Due to the increase of BYOD polices in today’s workplace, fourth amendment implications need to be considered as well. Should an employee who uses their personal mobile device for work-related tasks presume a reasonable expectation of privacy? Such considerations will likely shape any potential preservation strategy for mobile devices.
As such, preservation of potentially relevant user-created data from mobile devices has become a hot topic in the eDiscovery market place and is being uniformly recognized as a relevant source of ESI with increased frequency. Understanding the full functionality and capability of a mobile device is absolutely essential to the successful preservation of user-created data. Other considerations such as password protection and remote wipe commands must also be addressed as there is significant risk involved when it comes to data loss. Failure to address such preservation considerations could be catastrophic and may adversely affect collection efforts.
Developing a Collection Strategy
When developing a successful collection strategy for mobile devices, there are a plethora of considerations that need to be addressed as well as the increased cost implications associated with the collection of user-created data from mobile devices. In today’s market place there is a wide variety of mobile devices with varying versions of software being utilized.
Understanding the full functionality of the mobile device targeted for collection is an absolute must in order to formulate a successful collection strategy. Depending on the mobile device, deleted content may or may not be recoverable. Which collection methodology should be used for mobile devices, physical or logical? A large majority of devices have Internet capability therefore the presence of Internet history; multimedia messages such as MMS and SMS; email; videos; as well as third-party applications are also all likely to contain user-created data. Depending on the mobile device these items may or may not be recoverable.
Mobile device data types can also present unique challenges during processing and document review as some of these file types cannot be processed or require conversion to an alternate file type for review. Data massage and conversion efforts for these data types increase the ever-expanding costs for eDiscovery services as additional considerations must be acknowledged. The presence of audio or video files can further inflate eDiscovery costs in most cases as they require a native review increasing review times. The metadata associated with mobile device data types can also present some eDiscovery challenges as well. Take for example text messages (SMS). Unlike email data, text messages contain no record of when the message was first read and may be incomplete if erased from a mobile device. Depending on the case, this metadata may or may not be essential.
Key Considerations when Planing for Mobile eDiscovery
Based on current trends; the functionality, capability, and use of mobile devices in today’s workplace will likely continue to increase in the years to come resulting in additional data sources and potentially relevant user created data. With this increased development, operating systems, file types, and hardware are very likely to evolve. This will force the eDiscovery market to keep pace. Today’s mobile devices are already a hot topic for eDiscovery professionals and will likely be considered as mainstream sources of ESI in the very near future.
Below are some key considerations that should be addressed when planning for mobile device eDiscovery.
- Have a customizable plan in place for incorporating mobile devices into the eDiscovery process which segregates company data from personal data, eliminating potential Fourth Amendment concerns. Creating a Bring-Your-Own-Device (BYOD) device policy to regulate how devices should be used must be seriously considered.
- Develop workflows and procure the technology to retrieve discoverable data off of mobile devices for review which reduces the amount of employee personally identifiable information (PII) introduced into the eDiscovery life cycle.
- Know who in an organization uses mobile devices as well as the device type and how the device is used. This will reduce obstacles when planning for the preservation mobile device data.
- Know the full functionality of the mobile device. Data generated from mobile devices can most likely be accessed via company servers. However, data might reside in the cloud or on the physical device. Due to the variety of mobile devices and their operating systems coupled with the wide variety of forensic tools available preservation of mobile device data has become a far more complex and rapidly changing evolution.
Looking at the state of the mobile device market, it is difficult to ignore the fact that mobile devices will continue to play a major role in civil and criminal investigations worldwide. Incorporating them into an initial eDiscovery strategy and developing workflows to account for them as potentially relevant user-created data stores will be vital as they are being acknowledged as such with increased frequency. Failure to account for these devices in the eDiscovery life cycle could potentially produce catastrophic results.