Presentation on theme: "You, Your Mobile Device, and The World At Large Data Security, Privacy, and e-Discovery Considerations for Multinational BYOD Initiatives Richmond Journal."— Presentation transcript:
You, Your Mobile Device, and The World At Large Data Security, Privacy, and e-Discovery Considerations for Multinational BYOD Initiatives Richmond Journal of Law & Technology Symposium February 27, 2015 Presented by: Melinda McLellan, James Sherer & Emily Fedeles
Julie Jetset Manages global IT forensic investigations for a U.S.-based multinational consulting company Omniscient Everywhere, Inc. (“OEI”) Dual citizen of the United States and France Has a desk in OEI’s New York and Paris offices Travels frequently to multiple jurisdictions – Meets on-site with OEI clients – Manages a team of highly-skilled technologists based in 7 different countries – Leads in-depth investigations of sophisticated data security incidents
Devices: – OEI-issued Blackberry she keeps as a back-up – iPhone she purchased (segregates OEI email & apps from her personal apps and data) – iPad (mirrors her OEI email) – Android tablet (for OEI-specific forensic tools, HR software, etc.) Signed a number of policies regarding the acceptable use of OEI systems and networks – OEI pays for her data and cellphone usage OEI data in her possession has been subject to litigation holds Julie Jetset
Current BYOD Technology and Usage BYOD Today Implementation trends Geographic differentiation Employee Behavior Personal information The “End Node” problem Device Security v. Employee Personal Data Enterprise Mobility Management (“EMM”) Mobile Device Management (“MDM”)
Statutory and Common Law (U.S.) Electronic Communications Privacy Act (“ECPA”) – Katz v. U.S., 389 U.S. 347 (1967) – Stengart v. Loving Care Agency, Inc., 990 A.2d 650 (N.J. 2010) The Stored Communications Act (“SCA”) – Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004) – Quon v. Arch Wireless Operating Co., 529 F.3d 892 (9th Cir. 2008), rev’d on other grounds sub nom. City of Ont. v. Quon, 130 S. Ct. 2619 (2010) – Sunbelt Rentals, Inc. v. Victor No. C13-4240 SBA, 2014 WL 4274313 (N.D. Cal. Aug. 28, 2014) The Computer Fraud and Abuse Act (“CFAA”) – Rajaee v. Design Tech Homes, Ltd., No. 4:13-cv-02517, 2014 WL 5878477 (S.D. Tex. Nov. 11, 2014)
Statutory and Common Law (U.S.) eDiscovery Issues – Custody and Control Considerations » Columbia Pictures Indus. v. Fung, 2007 U.S. Dist. LEXIS 97676, (C.D. Cal. 2007) » In re NTL, Inc. Sec. Litig., 244 F.R.D. 179 (S.D.N.Y. 2007) » Goodman v. Praxair Services, Inc., 632 F. Supp. 2d 494 (D. Md. 2009) Federal Trade Commission Guidance on Mobile Privacy – 2013 – Staff Report on Mobile Privacy Disclosures National Institute of Standards and Technology (“NIST”) Guidelines – 2013 – Guidelines for Managing the Security of Mobile Devices in the Enterprise – 2015 – Vetting the Security of Mobile Applications
EU Legal Issues France – Employee expectations of privacy Germany – Private versus public uses of technologies Spain – Employee monitoring and consents United Kingdom – Control of device data and ultimate responsibility – United States v. Odoni, 2015 BL 7039 (11 th Cir., Jan. 13, 2015)
BYOD Considerations The Device Itself What types of devices will the organization support? Should Mobile Device Management Solutions (“MDMs”) be implemented? How will the organization address device disposal/employee separation issues? Device Usage Who within the organization will be allowed to participate in the BYOD program? Will the scope of employee participation differ depending on job functions? Who owns the data on the device when an employee leaves?
BYOD Considerations Policy Development Strategy What considerations go into the organization’s strategic approach? How will the organization address border crossing security issues with respect to employees’ devices? Privacy Concerns and Other Legal Considerations Who within the organization is responsible for monitoring legal developments concerning BYOD? How will the organization provide notice of its monitoring practices, and offer choices with respect to monitoring where required?
Contact Melinda McLellan Counsel, BakerHostetler – New York firstname.lastname@example.org James Sherer Counsel, BakerHostetler – New York email@example.com Emily Fedeles Associate, Shook Hardy & Bacon – Geneva, Switzerland firstname.lastname@example.org