Remote working has accelerated the merger of work and private data, particularly on mobile phones and instant messaging services such as WhatsApp.
While employees are performing their jobs, mobile access may be putting their employers at risk – because work-related communications on unapproved platforms are frequently not preserved in accordance with regulatory requirements (where applicable), and are often inaccessible or overlooked in the event of an investigation or litigation.
We have outlined below practical tips for the preservation, collection and review of mobile data in an investigation.
- Know the expectations of relevant authorities regarding the preservation of mobile data.
- Ensure that you understand what mobile data exists, whether and how it can be preserved in line with applicable laws.
- Where possible, provide centrally hosted (and backed up) messaging systems for work communications.
- Check your policies in relation to the use of mobile devices to ensure that they clearly explain what employees should and should not do (and what you are entitled to review).
- Carefully maintain device logs and consider whether to preserve data on reassignment of devices.
At the outset of an investigation
- Obtain data privacy and employment advice at the outset – and in all relevant jurisdictions.
- Move quickly to reduce the risk of deletion.
- Ensure devices are held securely (with relevant passwords) and (where possible) forensically imaged.
- Have a clearly documented process for how data will be processed and reviewed.
Click here to watch on on-demand webinar on the use of mobile data in investigations, in which we discussed:
- US and UK authorities’ expectations in relation to preservation of mobile data;
- Practical tips on collection and review of data in a remote working context;
- How to best position yourself to be able to access data; and
- Dealing with conflicting regulatory expectations and data privacy laws in cross-border investigations.