Before the pandemic, the fully-remote work model appeared to be reserved for the most successful of freelancers, techies, well-traveled digital nomads, and 4-Hour Workweek acolytes. The idea that the average worker, manager, or executive would reap the rewards from the work-from-anywhere mindset seemed, well, remote.
In the past couple of years, however, we’ve all changed our approach to work. In response to workers’ newfound priorities, many of the nation’s largest companies are strengthening their commitment to the work-from-home movement. Organizations that are not are suffering blowback from the Great Resignation and losing out on qualified candidates who now expect at least hybrid work schedules to be a necessity.
A work-from-anywhere world sounds like a dream—to everyone but in-house counsel that is.
Smartphones, emails, cloud-stored documents, presentations, and even videos are all fair-game for discovery, regardless of whether the device was corporate-issued.
Therefore, widespread remote workplaces present important challenges for eDiscovery that companies and their counsel must now consider. Some of these issues are rooted not only in where companies’ workers are working from, but also through the devices and tools they use in doing so.
As day-to-day work heads to the cloud, employees and executives alike are finding lines blurred between work and home. This dichotomy is becoming less distinguished through the way workers are performing work on personal devices. In-house departments must plan strategically to ensure companies cover all of their bases to avoid protracted eDiscovery-related issues.
Some pressing concerns in-house counsel should explore when developing their eDiscovery plans include:
Considering cross-border discovery standards. The flexibility remote work offers has encouraged some office-tethered employees and executives to pursue scenery changes. CNBC found that 30% of remote workers in late 2020 admitted to working out-of-state. What happens, however, if your employee operates in a different country?
In light of legislative developments that arose since the Second Circuit’s controversial decision in Microsoft v. United States, companies may need to comply with the CLOUD Act when furnishing evidence from data sources from some international countries.
Companies must also assess whether they have control over internationally-stored ESI being requested as part of Rule 17 pre-trial conferences and whether they can produce specific evidence from domestic sources.
Addressing bring your own device (BYOD) problems. Is BYOD NSFW? Sure, if companies do not adequately monitor and proactively safeguard against bad-faith conduct.
In Paisley Park Enterprises, Inc. v. Boxill, for example, the administrators of the artist Prince’s estate sued a company over the unauthorized launch of previously unreleased Prince tracks Several of the defendant’s principals, however, failed to enable auto-delete features on their smartphones, and wiped and destroyed their devices after the estate filed suit.
Let’s say these actions led to a little… Controversy. The court ultimately fined the defendant $10,000 and allowed the plaintiffs to file a claim for legal fees, highlighting examples of potential consequences other companies could face in similar circumstances.
Troubleshooting remote work preservation issues. Preservation and collection problems can also arise from the enterprise tools businesses use.
Sure, Microsoft 365 and Google Vault do describe some of their built-in preservation features as “legal holds.” However, these so-called holds are simply retention mechanisms.
Merely turning on these features in Microsoft 365 or Google Workspace will not be enough to demonstrate to courts that your company took reasonable steps to preserve data, even though it can be a step in the right direction. Even messaging programs such as Slack can pose cumbersome search and preservation issues if not handled properly.
By reviewing and ingesting the data you need to preserve into your eDiscovery platform, you will be able to better mitigate spoliation issues and court sanctions.
Despite the drawbacks that remote work creates for discovery, there is an upside.
ESI, after all, is electronic. That means teams can share copies of, securely store, and move necessary information across platforms using best practices and industry-standard workflows.
An in-house department’s success in managing these issues boils down to how it collaborates with IT to collect and preserve relevant ESI and the steps it takes internally to demonstrate that it took reasonable steps to protect this information pursuant to FRCP 37(e).
Some of the ways companies can achieve this include:
Backing up data to multiple sources. Just because a rogue employee decides to go AWOL does not necessarily mean that your company will be sanctioned.
As the Paisley Park court noted, companies could sidestep potential spoliation sanctions under FRCP 37(e) if they can produce copies of the applicable information or furnish relevant and responsive information from alternative sources in a producible format.
Consider working with your IT department to locate and segregate key data sources, establish and document online and virtual safeguards to protect this information, and ensure your storage and preservation efforts satisfy best practices. While the EDRM model can be a helpful basis to start your efforts, you can shore up many of the model’s weaknesses by integrating your eDiscovery platform into your data and ESI infrastructures.
Developing a coordinated legal hold strategy. Under FRCP 37(e), companies must take reasonable steps to collect and preserve discoverable ESI in anticipation of ongoing or imminent litigation. A centralized, easily-trackable legal hold procedure can be one way your company can show reasonable efforts in this area.
Depending on your eDiscovery platform, you may be able to unify and automate the collection and preservation process in a cinch. Logikcull Hold, for example, allows you to autogenerate defensible holds, issue them to applicable custodians, and automatically track responses and compliance from a secure, centralized platform.
It can go a step further and convert your holds into full-blown discovery matters, allowing you to jump right into locating and importing applicable files.
Unifying communications and sharing channels. The dispersion of today’s workforce has opened the door for disparate communications across equally diverse channels. From an in-house lawyer’s perspective, tracking texts, emails, and other communications can pose challenges, especially in companies that embrace BYOD policies.
There will never be a perfect solution to this issue due to the prevalence of at-work personal device usage. However, in-house counsel should work with IT to require or encourage executives and employees to limit their communications to specific IT-approved apps and platforms.
Most of the oft-used business communication tools allow some form of ESI collection—and, more importantly, seamless integration with eDiscovery platforms—that should come in handy during ESI collection. Doing so will also lessen security and evidence integrity risks posed by employees downloading unauthorized apps.
Requiring employees to perform their work on company-issued devices or remote desktops. It will always be easier to pull remote collections from company devices on company-owned networks instead of through personal devices.
Asking workers and stakeholders to log into work-hosted virtual desktops allows critical conversations and data to remain hosted on company servers and networks for retrieval. If you do have BYOD holdouts, however, do not fret. As part of your eDiscovery process, ask key custodians if they have company data on their personal computers, smartphones, and tablets.
Using security safeguards to prevent data from being compromised. Given the remote work’s reliance on secure connections, conducting remote collections from devices leave evidence more susceptible to infiltration by cybercriminals and other external and internal bad actors.
For example, Logikcull leverages industry-recommended 256-bit encryption to protect data in transit and at rest, two-factor authentication to fend off unauthorized access, and private or dedicated connections to pull data from your IT environments.
Remote work, in all likelihood, will not subside in tandem with the pandemic. In-house legal teams must prepare themselves and tailor their eDiscovery strategies to the new challenges long-term work-from-anywhere policies pose.
Adopting a unified approach to enterprise app management can help make remote eDiscovery more seamless and secure. Especially when paired with the right eDiscovery tools.