In an employment race discrimination case, a federal court recently held that the defendant-employer did not have “possession, custody, or control” over text messages sent or received by its employees on their personal cell phones. The court denied the plaintiff’s motion to compel the production of these text messages because there was no evidence that:
- the employer issued the cell phones to the employees;
- the employees used the cell phones for any work-related purpose; or
- the employer otherwise had any legal right to obtain employee text messages on demand.
Cotton v. Costco Wholesale Corp., Case No. 12-2731, slip op. at 11 (D. Kan. July 24, 2013).
Plaintiff sought text messages from his managers
The plaintiff is an African-American who was hired as a loss prevention associate at Costco in 2010. He claims that since his hiring Costco’s employees, supervisors and managers at the warehouse that he works at have engaged in discriminatory, harassing and retaliatory conduct against him. Among other things, he alleges that certain warehouse managers have made it difficult for him to perform his job, treated him like he is the “ghost” in the room during management meetings, made racially derogatory comments about him and negative remarks about his clothing, and removed him from his loss control position and had him boxing groceries and retrieving shopping carts from the parking lot instead.
Among other types of electronically stored information (ESI), the plaintiff requested each text message sent or received by two of his warehouse managers which mentioned him or his allegations of discrimination, harassment, and retaliation. The plaintiff argued that his document request was reasonably calculated to lead to the discovery of admissible evidence because the text messages could reveal discriminatory acts against him or could discuss the plaintiff’s specific complaints or Costco’s response (or lack thereof) to his complaints.
Costco objected to the document request by arguing that the request required it “to invade the privacy of its employees to search their private cellular phones for responsive information.” Moreover, Costco noted that the plaintiff did not allege that the two managers sent racially inappropriate text messages, or that they communicated with each other via their personal cell phones about work.
In ruling on the discovery dispute, the court did not directly address Costco’s privacy argument. Instead, it focused on whether Costco had possession, custody or control over the text messages:
Parties have a right to request documents and ESI within the opposing party’s possession, custody or control. “[D]ocuments are deemed to be within the possession, custody or control if the party has actual possession, custody or control or has the legal right to obtain the documents on demand.”
Cotton, slip op. at 10-11 (quoting Noaimi v. Zaid, 283 F.R.D. 639, 641 (D. Kan. 2012)).
Applying this standard to the evidence before it, the court concluded that “it appears to the court that Costco does not likely have within its possession, custody, or control text messages sent or received by these individuals on their personal cell phones.” Id. at 11.
Although this case came out in favor of the employer, the factors examined by the court illustrate the e-discovery challenges faced by businesses in a bring-your-own-device (BYOD) environment. If a company’s employees use their own personal electronic devices (e.g., laptops, smartphones, tablets, etc.) for work-related purposes, there is a risk that the company could be held responsible for the preservation and production of text messages, emails, and other ESI created or stored on these devices, whether or not the company has adopted a BYOD program.
This risk presents challenges for companies because they do not own or physically control the employees’ devices, the ESI created or received on the devices can be stored in multiple locations (including personal cloud storage sites), personal information can be intertwined with corporate information, the preservation and collection of the ESI from the devices can be difficult technologically, and employees may not consent to the retrieval of information from their devices.
To address these challenges and help mitigate their e-discovery risk, companies should have guidelines regarding what personal devices may be used for work and how they may be used, have restrictions on the use of personal devices and personally-controlled clouds for storing corporate information, reserve the right to access personal devices used for work, and have software controls that segregate corporate information from personal information on BYOD devices and sync the corporate information with a company-controlled network.
It also is important for companies to train their employees on what the company’s policies and procedures are and explain why they are important. Once litigation arises, it is important to conduct thorough custodian interviews so that the company can identify the types of potentially relevant ESI that may be stored on its employees personal devices.
In addition to these steps, the E-Discovery Beat blog recently shared some tips for addressing these challenges, including creating a BYOD policy and updating e-discovery workflows, that are worth a read.