Blog Layout

Discoverable Data on Your Mobile Device

Although worldwide adoption of mobile devices happened nearly 20 years ago, some corporations are still struggling with the issue of how to manage data on mobile devices being used within their own offices. Given their ubiquity among employees and increasing complexity in data storage between applications, mobile/smart devices are still a pain point from an information governance perspective.

Newer and more cunning mobile-based cybersecurity threats bely the fact that devices used most by top personnel may not be protected against data leaks or disclosures.

Mobile device data management has been a concern for many years and its no surprise that, when faced with litigation or audit, CIO’s are kept up at night wondering if their existing policies are up to snuff. Discoverable data in the form of duplicate emails and presumed off-record communication is just as, if not more, vulnerable on a mobile/smart device as it is on an email server. In an attempt to rein in employees’ use of various, disparate mobile operating systems mobile device data management policies can take the following forms:

1. Adopt an enterprise device program.

Since an enterprise device program requires not only the purchase and distribution of mobile and smart devices but also the maintenance and replacement of those devices, it stands as the most expensive option on the list. However, an organization maintaining ownership of the device also lends itself to better control over the type and security of the data passing through the device. This option also allows opportunities for greater efficiency as an organization can dictate the types and use of applications on the devices.

2. Adopt or create proprietary apps for work activities.

Organizations can also pre-empt eDiscovery obstacles by limiting how corporate data can be accessed and stored on their employees' mobile devices through using proprietary apps designed for work activities. As an increasingly popular option for interoffice communication, messenger apps and departmental chat apps have begun replacing email in many large organizations. The same is being applied to mobile/smart devices. Adopting this shift towards proprietary applications, both on PC’s and mobile devices, serves to compartmentalize corporate data within a device app and give the IT department visibility and control over data content and storage, even when it goes to a personal device.

3. Strictly govern a Bring Your Own Device (BYOD) program.

In situations where corporate data only exists on an employee-owned mobile device, attempts to collect that information without the right agreements and other things in place can present an obvious set of challenges for any organization. It is extremely important for an organization to have agreements in place that allow unrestrained access to any device on which an employee may perform work activities. Further, management of data on a BYOD program requires a clear set of policies and procedures be fastidiously maintained including the following:

Your IT department should be the ones to install any mail apps.
Mobile device use policies should be clear.
Secure password protection should be enabled on every access.
Data should be segregated and stored on company servers.
Employee agreements with evergreens should be in place.
Each department should have their own agreement.

There are additional options for mobile device management security and monitoring software installs on employee BYOD devices that can be implemented and maintained by your IT department. Regardless, it is most frustrating to CIO’s that an organization must move very slowly in their efforts to manage data under a BYOD plan.

Considering litigation or audit as an eventuality, organizations must be aware that eDiscovery data collections has its limitations as well. Even if a company has enacted a mobile device management program, it can still run into a host of technical eDiscovery roadblocks that can result in fines or even accusations of spoliation. Discovering information on mobile devices, for example, is not as straightforward or simple as it is from an email server. This is why outsourcing mobile device data collections to specialists can prove to be a valuable and safe choice. Outsourced professional services, like those offered by IST Discover-E, can expertly navigate complex discovery collections on mobile devices by capturing loose traditional e-documents and email while also capturing and decoding application data sources located in specific databases found on each mobile device.