If mobile device collection is rare for your company, it may become less so. Adversaries are seeking mobile data with increasing frequency, including in government investigations and non-party subpoenas. A recent example is the $200 million fine levied against J.P. Morgan by U.S. financial regulators for the company’s failure to preserve certain business-related communications on its employees’ personal devices. Consider another recent case, Sandoz Inc. et al. v. United Therapeutics Corporation, in which the court ordered the defendant to turn over certain text messages from its chief financial officer’s personal cell phone.

It may be that mobile device collection is not necessary, particularly if employees are not using their mobile devices to text or message substantively, but that is not always the case. In certain circumstances, it may be necessary for your company to collect mobile devices to access potentially relevant data, especially for key players. Collection of employer-issued devices is typically more straightforward because the company owns the devices. Employee-owned devices can increase the complexity, particularly around issues relating to employee privacy and custody/control.