By: Glenn Posein
An eDiscovery director recently described a collection effort that should have taken a day. It took three. Seven custodians spread across four states. Devices shipped overnight. IT pulled in last minute. By the time everything arrived, two employees had already cleared their messages.
Nobody did anything wrong, exactly. The process just wasn’t built for how people communicate today.
Where the Evidence Actually Lives Now
Legal teams have spent years building sophisticated workflows around email preservation, shared drives, and enterprise systems. Those workflows work well—for the data they were designed to capture. But the more significant problem is the data they weren’t.
Text messages, iMessages, WhatsApp threads, and other short-message communications have become primary channels for business decisions. Not secondary ones. In many industries—financial services, energy, healthcare, media—the most candid and consequential conversations between colleagues, clients, and counterparties happen in mobile messaging apps, not email.
This creates a gap between where legal teams have built their discovery infrastructure and where the relevant evidence actually sits. Closing that gap requires rethinking some foundational assumptions about mobile collection.
Four Challenges That Keep Coming Up
In working through mobile discovery matters with clients, the same friction points appear repeatedly:
- Custodian cooperation deteriorates quickly when the collection process is invasive. Asking employees to surrender their phones—sometimes for days—generates resistance that slows timelines and creates adversarial dynamics that don’t serve anyone. The more disruptive the process, the harder it becomes to execute consistently across a large custodian population.
- Over-collection creates its own problems. The instinct to image an entire device and filter later feels safe, but it isn’t. Capturing personal data alongside business communications raises serious privacy concerns—particularly in BYOD environments—and drives up review volume, hosting costs, and discovery complexity. Courts and regulators are increasingly attentive to proportionality, and broad, indiscriminate collections can draw scrutiny rather than deflect it.
- Remote and distributed workforces have broken traditional logistics. Mobile collection workflows that depend on physical access to devices haven’t adapted to a world where custodians may be in different time zones, different countries, or simply not available for days at a time.
- Preservation timing is unforgiving. Unlike email, which typically persists on a server, mobile communications can disappear quickly—through deletion, device replacement, or app-level clearing. When a triggering event occurs, the window for preservation may be shorter than the logistics of a traditional collection allow.
Rethinking the Approach: Targeted Over Broad
The most meaningful shift in mobile discovery practice isn’t technological—it’s conceptual. The question has changed from “how do we get everything off this device?” to “how do we get exactly what we need, quickly and defensibly?”
Targeted acquisition means scoping collections to specific data types, applications, and date ranges before the process begins—rather than collecting broadly and hoping to filter downstream. This approach better aligns with proportionality standards, reduces privacy exposure, and produces a more manageable and defensible evidentiary record.
Practically, this means identifying at the outset which applications are likely to contain relevant communications, what time period is in scope, and which data types are actually necessary. A well-scoped mobile collection in a commercial dispute might focus entirely on iMessage and WhatsApp threads from a six-month window. There’s no reason to collect call logs, photos, or contacts if they have nothing to do with the matter.
Of course, collection scope should always be guided by counsel, matter requirements, and applicable preservation obligations. The goal isn’t to collect less by default. It’s to collect what is relevant, proportional, and defensible for the matter at hand.
Remote collection capabilities have made targeted acquisition considerably more practical. Platforms like ModeOne, which we use with clients for iOS device collections, allow custodians to complete a guided process on their own device without surrendering it or coordinating an onsite visit. Cooperation improves, timelines compress, and most collections are completed in a matter of hours rather than days.
A Scenario Worth Walking Through: The Departing Employee
One of the most time-sensitive mobile collection scenarios involves employee departures. When an employee exits—voluntarily or otherwise—the window to preserve their business communications is narrow. Relevant messages don’t stay on the device indefinitely, and once someone has left the organization, the practical and legal complexity of accessing their device increases substantially.
The traditional approach to this scenario involves scrambling to get the device before the employee walks out, coordinating with IT under time pressure, and hoping the collection is complete enough to hold up later. It works sometimes. It fails often enough to be a recurring problem.
A targeted remote collection changes this calculus. The scope can be defined in advance, the process can be initiated before the employee’s last day, and the collection can be completed without requiring device surrender. Using a tool like ModeOne, we’ve been able to run these collections while the employee still has their phone in hand — they keep it, the organization gets the data it needs, and the whole thing happens on a timeline that reflects the urgency of the situation rather than the limitations of the logistics.
This kind of scenario—where timing is critical and disruption is costly—is precisely where the limitations of legacy collection methods become most visible.
What “Defensible” Actually Requires
Defensibility in mobile collection isn’t just about having the data. It’s about being able to explain how you got it, why you got what you got (and not more), and that your process was consistent across custodians.
This means documentation matters as much as the collection itself. A well-documented targeted collection—with clear scope decisions, chain of custody records, and a repeatable process—is often more defensible than a broad device image collected under pressure with inconsistent procedures.
Legal teams that are building mobile discovery programs now should be asking: Can we explain every scoping decision we made? Can we show that our process was the same for custodian one and custodian fifty? Can we demonstrate that we didn’t collect data we had no business collecting?
Those questions are increasingly the ones that matter when collections are challenged.
Practical Takeaways
Mobile discovery isn’t going to get simpler. The number of relevant applications will continue to grow, the volume of mobile communications will increase, and the expectation that legal teams can collect and produce this data quickly and defensibly will only intensify.
Organizations that are ahead of this challenge share a few common traits: they’ve defined a standard process for mobile collections before a matter demands one, they’ve thought carefully about BYOD policies and what they mean for discovery obligations, and they’ve moved away from the assumption that broader is safer.
The shift toward targeted, remote, and well-documented mobile acquisition isn’t a workaround. It’s where sound practice is heading—and the organizations building those capabilities now will be better positioned when the next matter arrives with a short timeline and a lot riding on the outcome.
