Mobile Computing Holds Compliance RisksSteven C. Bennett and Cecilia R. DicksonNew York Law JournalOctober 02, 2008Mobile computing is commonplace for much of corporate America. Employees routinely use cell phones and PDAs, enabling them to work beyond the physical confines of their offices. These ubiquitous devices, however, represent only a fraction of the innovations used by modern companies to facilitate working anytime, anywhere. Improved connectivity infrastructure in the residential sector, virtual conferencing capabilities and paperless offices are just a few of the recent mobile computing innovations that allow an "office" to be completely mobile, with employees deployed globally at a moment's notice. Mobile computing has forever changed the workplace landscape. It has given rise to alternative work arrangements; indeed, some employees now work exclusively "out of the office." Many companies have drastically reduced their office space and encourage their employees to work on the road or at home. Mobility is such a far-reaching change in workplace behavior that the characterization of mobile computingas a trend does not do justice to the changes rapidly taking place. By 2009, an estimated 14 million workerswill be telecommuting or, perhaps more aptly phrased, teleworking.[FOOTNOTE 1] Others have estimated that as many as 22 million people today already work one or more days a week in nontraditional locations.[FOOTNOTE 2] With at least 27.5 percent of the working population estimated to participate in teleworking arrangements by 2009,[FOOTNOTE 3] teleworking is a phenomenon that cannot be ignored. The consequences of decentralization of the modern workplace, however, may complicate administration ofa business. As those attuned to the electronic discovery revolution of the past decade can attest, decentralization introduces a complex data and communication environment that companies must address to ensure compliance with document retention obligations and litigation discovery demands. As difficult as compliance with these obligations can be, the challenge can mount further when there is not one location for all servers, when documents are scattered across various electronic media (including personal computers, iPods, and flash drives owned by employees) and no one monitors compliance with data management regulations at the various "work sites." Discovery rules in general assume the existence of stable, centralized data. The advent of mobile computing introduces ever-expanding decentralization of data. Companies have become accustomed to issues such as multiple versions of documents stored electronically, duplicates whizzing through cyberspace as attachments to long e-mail strings, e-mail and instant messaging archiving and metadata concerns. But addressing retention issues with all these applications can become even more difficult when computers are not synced up to corporate servers, individual employees work "off-line" and then upload only certain work-product, and employees use personal e-mail accounts, bypassing the corporate servers and infrastructure that monitor and maintain the institution's e-mail and other documents. The number of sources and locations of electronically stored information almost always increases as employees work from several locations on multiple computers. Remote access to office-based servers and computers allows teleworkers to access, modify and download files from a centralized "homebase" repository nearly anywhere in the world. Consequently, an assessment of the creation, modification, storageand destruction of information becomes critically important to companies that permit mobile computing. Deficiencies and litigation risks associated with mobile computing may demand solutions as dynamic and innovative as these new, nontraditional data and communication structures. Companies must face these issues and address them as they may arguably be held "on the hook" for documents generated by the employees in the scope of their employment, even if those records are notcreated or maintained at the company. Rule 26(a)(1) of the Federal Rules of Civil Procedure requires disclosure of the identities of individuals "likely to have discoverable information," along with "a copy -- ora description by category and location -- of all documents, electronically stored information, and tangible things that the disclosing party has in its possession, custody or control" relevant to the claims or defenses of any party. To date, many cases assessing the scope of "possession, custody or control" have addressed the obligation of a litigant to secure records physically maintained by a third party. These same principles may also apply to a company's own employees, even though the employees may create documents entirely off the company's network. IMPOSED OBLIGATIONS Courts have often considered how far companies must go in preserving and producing records stored outside of the company by third parties. Many courts have recognized an obligation to preserve such data, reasoning that third-party documents may be in a company's "control." For example, in Keir v. UnumProvident Corp., 2003 WL 21997747, the U.S. District Court for the SouthernDistrict of New York found that the defendant failed to communicate in a timely manner or meaningful wayregarding the potential preservation obligations of its third-party provider of e-mail and other computer services. Similarly, the court in In re Triton, 2002 WL 32114464 (E.D. Texas), held that it would have been prudent and within the spirit of the law for the defendant to instruct its outside directors to preserve and produce any documents in their possession, custody or control. Moreover, the Triton court held, failure to implementa suitable document preservation plan, to communicate that plan effectively to outside directors and to follow up to ensure that the directive was followed, created holes in the document preservation plan through which discoverable materials may have been lost. In PML North America v. Hartford Underwriters Insurance, 2006 U.S. Dist. LEXIS 94456 (E.D. Mich.), the court granted the plaintiff's motion to compel and ordered production of a specifically identified hard drive, a thumb-drive (a small, removable data storage device) and a nonparty employee's home laptop computer. Although the defendant disavowed possession, control and even knowledge of the whereabouts of some of the equipment, when the
View Full Document
Unlocking...