I recently watched Deepwater Horizon, a dramatization of the tragic drilling rig explosion and subsequent oil spill in the Gulf of Mexico in April 2010. In the movie, Mark Wahlberg’s character commented that “Hope ain’t a tactic.” This comment can serve as a reminder to corporate legal teams that they must have a strategy in place to preserve cell phone and mobile device data in the event a litigation hold arises — or face potentially severe legal and financial consequences.
In October 2010, Kurt Mix, an engineer at BP (the company that leased the rig), deleted critical text messages after learning that his cell phone was to be collected by an e-discovery vendor working for BP’s counsel. By the time Mix deleted these texts, he had received numerous legal hold notices — a notification sent from an organization’s legal team instructing employees not to delete hard copy records or electronically stored information (ESI) that may be relevant to a new or pending legal matter. Eventually, the Department of Justice charged Mix with obstruction of justice for deleting more than 300 text messages to his BP supervisor.
The Deepwater Horizon rig explosion raises a number of salient questions for legal teams grappling with the challenges of enabling a mobile workforce with smart phones — and preserving that data when a legal hold arises. Two key questions include:
- What does the law and authoritative bodies (such as the Sedona Conference) say about legal holds?
- How do organizations preserve and collect data from mobile devices if faced with a triggering event?
What does the law say?
The duty to preserve digital evidence, which may arise even before a suit is filed, has its foundations in 2003 when federal judge Shira Scheindlin set out the rule for what has become known as a legal or litigation hold: “Once a party reasonably anticipates litigation, it must suspend its route document retention/destruction policy and put in place a ‘litigation hold.’” The Zubulake decisions also established that a court could impose sanctions if it finds these duties have been breached. In 2006, Federal Rules of Civil Procedure (FRCP) amendments codified that electronic data was discoverable and attempted to establish cost controls. In 2015, additional FRCP amendments emphasized proportionality to determine scope of ESI and further authorized courts to impose sanctions as well as curative measures for spoliation of ESI.
In its December 2018 Second Edition of The Sedona Conference Commentary on Legal Holds, following its initial guidance in August 2010 (same year as Deepwater Horizon), the Sedona Conference provided an update on what triggers a corporation’s duty to preserve data, along with a framework for implementing an effective legal hold program.
In a recent OpenText webinar, my colleagues summarized the new guidance and specifically addressed the question of a corporation’s duty to preserve and collect data from employee cell phones and mobile devices. The guidance states:
- There is no express mention of a corporation’s duty to collect employee cell and mobile device data, and that preservation and collection should be addressed on a case-by-case basis; and,
- If a corporation does have a duty to preserve cell and mobile device data on a particular matter and obligations are not met, then they have opened themselves up to the possibility of costly sanctions.
Counsel can also draw from a new case from the District Court of Minnesota. In Paisley Park Enters, the federal Court found that the plaintiff met its burden to prove that the defendant executives intentionally destroyed text messages related to the matter-at-issue. See Paisley Park Enters. v. Boxill,No. 0:17-cv-01212, (D. Minn., March 5, 2019). The Court further provided a helpful summary of spoliation law as it relates to text messages.
Practical considerations in preserving and collecting data from mobile devices
So, to meet preservation obligations and avoid potentially costly sanctions, among other consequences, how does a modern-day corporation preserve and collect data from employee cell phones and mobile devices when a legal hold arises?
Many counsel and their IT counterparts are turning to best-practices technology such as OpenText™ EnCase™ eDiscovery to address the increasing challenges of preserving and collecting data from a mobile workforce. Such technology allows legal and IT teams to report on critical mobile evidence that is relevant to a case, and:
- Easily view acquired mobile evidence in detail, from text messages, call records and photos to social networking and other cloud application data sources tied to mobile devices;
- Quickly add evidence to new or existing cases;
- Perform in-depth content analysis and find regular expression data;
- Provide 360-degree visibility across all endpoints, devices and networks, enabling threat detection and remediation; and,
- Eliminate employee business interruption.
Available technology equips organizations with essential, cost-effective capabilities while reducing legal risk for a single case or across multiple matters.
Hope ain’t a tactic
Modern-day corporations cannot resort to using “hope as a tactic” when seeking to preserve cell phone and mobile device data. Instead, corporations and their legal teams need to understand the applicable law, take guidance from the courts, and use defensible mobile collection technology to solve the data preservation and collection challenges that come with a mobile work force.
In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach and share while exploring the latest updates and best practices across the spectrum of information security, eDiscovery, artificial intelligence and forensic investigation. Enfuse 2019 takes place November 11-14 at The Venetian Resort Las Vegas.