But wait, you would certainly protest — that's my zucchini bread recipe. Well, yes and no. True, it's on a device you bought and paid for and for which you pay the monthly connection fee. But since you also use your device for corporate matters, it is no longer a simple matter to determine which rights are yours and which ones belong to your employer. Does your company policy require that you identify company documents or personal documents so that the appropriate ones are subject to e-discovery's preservation and retention obligations? How will those company documents be transferred from your device to the company's computers if there is a need to produce those documents? But unlike Aunt Pauline's yummy zucchini bread recipe, the company's need to preserve those documents on your device isn't necessarily a slam-dunk: it is not clear that your employer has a duty to preserve or collect information from your personal accounts and devices even where the device has access to business e-communication channels. That duty may hinge on whether a court believes the company has "possession, custody, or control" over the device or account (i.e., does it have a legal right to it or the practical ability to obtain it?).
Your employer frequently has a policy stating that it has the right to track this device because it is used for business purposes. If that fleet-footed thief makes away with the device, your employer typically has the right to wipe it and erase all the files remotely, including that wedding video you’ve been meaning to offload to your PC but never did. What are your record retention requirements? What happens if you buy a new phone, and exchange your old one for it? Or if your phone breaks and you can’t afford to buy a new one until next payday, and you need it to do your job today? What do you have to do if you find a new job, or get fired, or retire, and the IT asset management team wants to retire your device along with you?
BUILD YOUR OWN DESTINY: WHAT YOU CAN DO NOW
If you are involved in writing, administering, or using information technology agreements in any way, congratulations. You are working in a time of transition and new possibilities. You have the opportunity to solve an interesting problem: how can software and other IT agreements be updated to reflect the new reality of workers no longer tethered exclusively to company-owned equipment?
The new solution you or others arrive at will probably have these elements:
• It will find a way to compensate software publishers fairly for the new ways their intellectual property is being used.
• It will inoculate companies against under-licensing risks incurred because their workers have so many device options at home and on the move.
• It will align software licenses to both actual and intended usage (considering the way the software is hosted on a server or virtualized server that may be in your data center or a cloud along with the end user license or access grant).
• It will make it easy for companies to develop revised policies on data security.
• It will be able to accommodate new technologies when they come along.
The first step? Dig out your existing software, maintenance, and other license agreements and read them carefully. As you do, be mindful of the fact that, even if your company has not instituted a BYOD policy, some people are probably already accessing company servers with non-company-owned devices. Pay attention to provisions in your existing agreements that restrict access from off-premise locations, or that define users or devices in a way contrary to the operational definition you would give it knowing what you know now, or that seem inappropriate to the technology world as we use it today.
After all, that's a powerful computer in your pocket, and it isn't going away.
Susan Ross (sross@fulbright.com), senior counsel at Fulbright & Jaworski, was assisted by Diane Carco, President, Swingtide, Inc.
Subscribe to Law Technology News
