Balancing Concerns of Employee Privacy and Employer Security in BYOD
In these days of heightened data privacy concerns, is the privacy of personal data protected on BYOD phones? Certainly, as we discussed in the post Mobile Device Forensic Discovery: Here’s a Case That Illustrates the Importance, data from mobile devices is discoverable in litigation (even forensically) if the relevance of the data is significant enough, regardless of privacy concerns.
But what about in general use of BYOD devices? Is the personal data of employees protected there?
We found one case from a few years ago — Rajaee v. Design Tech Homes, Ltd. — where the issue came up. In that case, the plaintiff resigned from his employer and was immediately terminated, then a few days later, his former employer conducted a remote wipe of his BYOD device, restoring it to factory settings and deleting all the data, not just work-related, but personal as well. He sued, alleging violations of the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act (CFAA). But the Court dismissed his claims with regard to both alleged violations, stating the plaintiff’s personal data was not protected under the ECPA and that the plaintiff failed to provide evidence that he sustained $5,000 in cognizable “loss” under the CFAA. https://forensicdiscovery.expert/balancing-concerns-of-employee-privacy-and-employer-security-in-byod/