If you’re among the nearly half of Americans who make a list of lofty resolutions every January 1, e-discovery was probably the last thing on your mind as you pledged to lose weight, exercise more, eat healthier, or get organized. However, wearable tech and apps that we use to track our progress toward these goals could be the next frontier for electronically stored information (ESI) in litigation and investigations.
For example, the Fitbit tracks how many steps users take per day and when they take them. It can also measure when, how well, and how long users sleep. Other trackers and apps collect and store data regarding users’ heart rate, weight, calories burned, body mass index, blood sugar, and cholesterol. New smartphones have fingerprint sensors that measure users’ stress level, blood pressure, UV exposure, and the concentration of oxygen in their blood. Many of these devices and apps also track users’ current location through GPS technology.
All of this data is a virtual treasure trove for lawyers and their clients—particularly insurance companies (just think if they used the information they collect to set health insurance premiums!). And, although it is highly personal information, it is not governed by privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA), which limits its coverage to medical-related entities. Thus, this data is fair game in lawsuits. Indeed, the first known case involving data from a fitness tracker is currently underway in Canada. In this personal injury matter, the plaintiff’s lawyers are harvesting data from a fitness tracker to establish that the plaintiff’s activity level has declined substantially as a result of an accident.
As the age of the Internet of Things (IoT) continues, lawyers must make a different type of New Year’s resolution: they should begin creating discovery plans with these emerging forms of data in mind. First, they must consider how to include these types of data in their discovery strategy. They must also have a preservation plan that incorporates the data from these devices and apps and legal holds that remind users to retain this information. Finally, they must consider which tools they will employ to collect and process the information from the devices, the cloud, and other third-party repositories that gather or host this information.
About the Author