Graeme Buller and I have been considering this Addleshaw Goddard blog focusing on the issue of disclosure on personal devices. Or BYOD for ease.

We both agreed that where it’s not possible to obtain documents from a mobile device (in this instance due to there being no express provision to do so under Saudi law), it is useful to understand what secondary sources of information can be used.

Take for example a mobile device. There are a multitude of alternative data sources. The most comprehensive of these would be a device backup, whether this is stored in a cloud account, or locally to a laptop or computer. Depending on who or how such secondary sources are managed, this may provide a door to access the required documents without the need for an individual’s mobile device. Obviously, any applicable laws would need to be analysed to ensure there are no breaches to an individual’s privacy in doing so though.

Furthermore, there may be information stored on other corporate systems that can at least help plug certain gaps of information. For example, who else may have been included on emails with individuals whose personal devices hold the same documents, do company backups shed any light or provide yet more completeness to an expected full dataset?

As Graeme explains, “what this article really drives home is the need for companies to ensure that they have the ability to control their data as and when required. Ensuring that employment contracts, and carefully drafted BYOD policies are in place is certainly a good starting point in the process.”

In addition to this, there should also be careful consideration as to how information is managed when an individual leaves a company – this is even more relevant to regulated companies, and as such, defined and regular tested procedures should be in place for such situations.