Our Insights

Thought Leadership and Industry Trends

Home 9 Insights 9 Advisory Services 9 Keys to Successful Mobile Device Data Collection

Keys to Successful Mobile Device Data Collection

Oct 28, 2024

Mobile device data is more and more often a target in litigation, largely because of how people communicate and work today. In the world of data collection for eDiscovery, this is creating a problem that is not going away.

For organizations, the push toward Bring Your Own Device (BYOD) is reasonable, and in many cases, inevitable. Rather than mandating technology that employees don’t want, a BYOD system enables workers to use the device of their choice and offers more flexibility in their work habits, including working remotely. 

However, BYOD is a mixed blessing. When employees use their own devices for business, it can boost company morale and lower costs, but control is lost. IT departments cannot dictate what apps or programs employees install, how they keep their devices secure, or what files they download. As a result, most companies don’t know what’s on these devices. When litigation looms, employees are increasingly being asked to hand their phones over for collection. For some enterprises, these challenges are prompting renewed evaluation of the benefits and challenges of BYOD and related policies.

Preparing for the Inevitable – Collecting Mobile Data

As companies have adopted new technologies to facilitate workforce communications, there has been an uptick in the requests to include mobile devices in legal holds and to collect messaging for litigation. It’s only going to ramp up. The Government’s investment in the nuances of preserving short message data is an indication that more rigor and rules will apply to chat message productions, and it’s advisable to get in line with agency requirements.

Collecting and assessing mobile data comes with numerous challenges, including adequate storage space, new and updated applications, and evolving encryption standards. iPhones, for example, are both immensely popular and well-known for their privacy protections, which can create serious issues for time-sensitive matters.

Addressing the challenges and limitations of collecting mobile data is never a one-size-fits-all solution, but rather, each organization needs to do what makes sense for them and their workforce.

The Evolving Scope of Mobile Device Collections

The eDiscovery process has been compared to finding a needle in a haystack. If a custodial device was determined to be relevant to a particular matter, all the data stored on the device was reviewed to find relevant information. As mobile devices have become essential business tools, the scope of what might be discoverable has grown exponentially.

Smartphones commonly contain audio and video files, communications apps (Teams, Slack, Zoom, and more), calendars, contacts, emails, entertainment apps, GPS and location information, phone logs, photographs, reminders, retail applications, social media apps, text messages, and Web search and browsing activity and among other data types.  

And that’s just the beginning.

While many people use personal devices mostly for photos, text messages, videos, and posting on social media, employees also use them for business email, file sharing, and messaging using ‘approved’ enterprise apps like Teams and Slack. Employees may also be communicating – authorized or not – using other platforms, like WhatsApp, Signal, or Telegram. In the hands of a user, often little distinction is made between “business” and “personal” use.

“Say you have 200 custodians on a legal hold, and you’ve got to pull those mobile devices. Of the 50 of them that you’re likely to get data from, not all 50 are using the same messaging apps, often because they work in different departments. It’s not a one-size-fits-all. That’s why mobile device collection and data can be so frustrating.”

– Moira Sweazey, Manager Counsel, Capital One

While the number of applications and data types compounds the complexity of dealing with mobile devices in eDiscovery, today’s advanced software and forensic services can target key data types and exclude other private and otherwise irrelevant information.

Collection Challenges with Mobile Device Management Systems

Detailed, comprehensive IT policies and systems help to curtail the scope of mobile device data. Most mobile device management systems (MDMs) are set up to restrict the download of certain applications or activities on the device. That generally applies to both the BYOD and the corporate device. The BYOD policy needs to provide information about employees conducting business on their phones and the potential need to pull those devices in litigation or investigation.

Depending on device type or how a custodian’s personal and professional systems overlap, MDMs often face hurdles during collections. There’s often confusion over what data belongs to the employee and what belongs to the company.

Collaboration between Legal and IT is Critical

In many organizations, IT and legal don’t routinely work together and the departments have entirely different focus and philosophy. For the good of the organization, they must have a good relationship and open dialogue. From a privacy and compliance standpoint, IT and legal teams need to collaborate to implement mobile device and data policies and address the technical complexities of mobile data collection to overcome these obstacles.

Additionally, experts recommend that teams check-in regularly as technology, phones, data, and messaging apps change extremely rapidly. It’s important to have ongoing calls, especially when you’re trying to create a common language between legal and IT.

Legal professionals in particular may need to overcome the perception that the attorney is the “person of no.” Legal must demonstrate to IT that the only goal – their shared goal – is to achieve the compliance, privacy, legal and data objectives of the company.

Speaking as one voice, legal and IT need to set clear policies, reminders, and rules for how mobile data works and how to save it properly. For example, if companies allow employees to have iPhones, they need to provide clear instructions on whether employees should be backing up to their personal iCloud or their company’s iCloud, or not to iCloud at all.

To minimize confusion and maximize adoption, legal and IT will benefit from improved processes and clear polices as the challenges and complexities of mobile data evolve.

“Even in a BYOD world, we always remind people of their obligations and how we expect them to use their phone for work. It’s never bad to send reminders on an annual basis. Then at the time of reasonable anticipation of litigation, legal holds should include information about mobile devices. Be specific so people understand that they’re included.”

– Linda Banks, Director of Electronic Discovery, Robins Kaplan LLP

As much as companies want to provide flexibility for their workforce, myriad legal issues come with the possession, custody, and control of devices. If an employee is conducting business on their phone, their employer may want to claim they cannot gain access to the device, but that answer is not likely to satisfy the court. eDiscovery practitioners will need to exercise finesse to gain the necessary access while limiting stress and disruption.

Approaching Custodians and Avoiding Pushback

The need to preserve mobile data and the challenges of obtaining consent to collect personal devices is an ongoing issue. Providing privacy for those who don’t want to give over their phones—even their work phones, much less their BYOD phones—can be a major undertaking. At the same time, corporations don’t want people to feel like they’re being watched. After all, phones are primarily tools for communication; what happens in litigation is not front and center.

eDiscovery professionals understand the importance—and difficulties—associated with keeping separate devices. However, the reality is that the average custodian has one device containing commingled data. With BYOD, employees are often unaware that they’ve crossed the line between personal and professional information. As a result, legal holds must clearly indicate that the hold includes mobile data, and tangible data includes text messages. In antitrust or internal investigations, call logs, photos, and other information may come into play.

While a targeted collection should always be the goal, and mobile devices shouldn’t necessarily be treated differently, some important considerations must be made. eDiscovery professionals don’t seek to be invasive or over-collect but narrowing mobile device data collection can increase costs and add time to the process, which may not be desirable. Additionally, if the entire phone is not collected, and the case team needs to come back for more data later due to case developments or a change in scope, they may lose access to critical data and run the risk of spoliation.

To mitigate risk, imaging the full device ensures all the data is captured. Then, the team can begin the process of segregating the data, and focusing on specific participants, time periods, search terms, and exclusionary searches to narrow down the data to just what’s needed for review.

The Importance of the Custodian Interview

The custodial interview provides the opportunity to truly collaborate with employees, provide clarity on what you’re doing, why you’re doing it, the data you’re looking for, and how the data will be handled and filtered. Many people don’t fully understand the power and functionality of their device—what apps they are using, where they are storing things, what will happen to the data.

Take for example, ephemeral messaging, like WhatsApp or Signal. Employees often don’t understand that the messages will disappear if you don’t do something to prevent it. Similarly, there might be phone settings that will auto-delete some of these messaging apps after 30 or 60 days.

To ensure that eDiscovery professionals uncover all the relevant data, probing questions and interviews matter. The soft skills of relating to people, being transparent and clear, and speaking specifically reinforce the fact that eDiscovery professionals are just looking for relevant information.

CDS Forensic Services offers a comprehensive range of forensic collection, analysis, and advisory services. Our team performs forensically sound, defensible, targeted collections of virtually every data source and format, including mobile devices, cloud storage, and social media sites. To discuss how we can streamline your organization’s data collection on mobile devices, /">contact us for a consultation today.

About the Author

Adam Rogers

Adam is a certified digital forensic and eDiscovery professional whose role at CDS includes leading the forensics services group, performing complex data collections, computer forensic investigations and training CDS team members in the use of forensic and eDiscovery hardware and software solutions. Adam can provide specialized forensic analysis services for clients working with matters of varying degrees of complexity and sensitivity. These services are particularly helpful in cases involving intellectual property theft, employer/employee breach of contract cases or in cases and investigations involving employee misconduct. Adam has proven success in customizing these services to a client’s specific needs and completing complex digital forensic tasks in a defensible and well-documented workflow.

There are no upcoming events at this time

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid		This cookie is used for storing the session ID of the user who clicked on an okt.to link.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_dc_gtm_UA-109542572-2	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
_hjTLDTest	session	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 8 months 26 days 9 hours 2 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.