[EDRM Editor’s Note: The opinions and positions are those of Michael Berman.]
Allergan, Inc. v. Revance Therapeutics, Inc., 2025 WL 984792 (Mar. 17, 2025), involves an alleged theft of trade secrets. The decision underscores the importance of information governance. “Information” is one of a business’s most valuable assets and corporate policies may determine the outcome of litigation.
The Special Master recommended denial of Allergan’s motion to compel searches of BYOD (“bring our own device”) devices used under the precise terms of Revance’s information governance and BYOD policies.
The Special Master wrote:
The Motion concerns Allergan’s request to compel Revance to search the personal devices of four individuals for documents responsive to Allergan’s discovery requests. These four individuals are Alexis Jammo, Domenico Vitarella, Todd Gross, and Roy Yoshimitsu, all of whom previously worked for Allergan and then worked for Revance. Each of these individuals used his or her personal devices while working for Revance pursuant to Revance’s Mobile Device Policy, or “Bring Your Own Device” policy (“BYOD Policy”).
Allergan, Inc. v. Revance Therapeutics, Inc., 2025 WL 984792 (Mar. 17, 2025).
Allergen relied on the Revance employee handbook. Revance responded that it lacked possession, custody, or control, and raised privacy concerns.
The Revance Handbook had a “search policy” that stated:
Furniture, desks, computers, cell phones, data processing equipment/software, vehicles, and other company-owned items are Company property and must be maintained according to Company rules and regulations …. The Company reserves the right to inspect all Company property including computer or phone data or messages to ensure compliance with its rules and regulations, without notice to the employee and at any time, not necessarily in the employee’s presence. There is no expectation of privacy in the possession or use of any Company property.
From The Revance Handbook.
There were several definitional provisions, id. at *3, and a monitoring clause in the Handbook:
The Company reserves the right to inspect all Company property to ensure compliance with its rules and regulations, without notice to the employee and at any time, not necessarily in the employee’s presence. Company computers and all electronic communications and electronic information are subject to monitoring, and no one should expect privacy regarding such use. The Company reserves the right to access, review and monitor phone calls, electronic files, information, messages, text messages, e-mail, Internet history, browser-based webmail systems and other digital archives and to access, review and monitor the use of computers, software, and electronic communications to ensure that no misuse or violation of Company policy or any law occurs. E-mail may be monitored by the Company and there is no expectation of privacy.
Allergan, Inc. v. Revance Therapeutics, Inc., 2025 WL 984792, at *3 (Mar. 17, 2025).
Revance’s BYOD policy applied to company-owned and personal devices. Id. at *3. An “acceptable use” of personal devices was to connect to Revance information technology systems that directly or indirectly supported its business. Id. Employees had to adhere to certain minimum requirements, a general code of conduct to protect confidentiality, and were not to copy personal or sensitive business data. Id. They were to use the Revance I.T. system on their BYOD. Id. The policy called for “allowing an inspection of the ‘device configuration to ensure compliance with all applicable Revance information security policies,’” and providing for remote wiping in defined circumstances. Id.
The Special Master found that Revance did not have Rule 34(a) control over the employee devices and recommended denial of Allergan’s motion.
The Master noted that some courts apply the “legal right” test and others apply a “practical ability” standard, while the Sixth Circuit uses an “actual” possession, custody, or control test. Id. at *4-5.
Master Presnell wrote:
Within these varying applications of Rule 34(a) “control” standards, relatively few courts have addressed whether to apply the “legal right” standard or “practical ability” standard in the context of an employer’s Rule 34(a) control over its employees’ personal devices, such as cell phones or tablets. In this context, the court’s decision in In re Pork Antitrust Litigation, No. 18-cv-1776, 2022 WL 972401 (D. Minn. Mar. 31, 2022), is instructive.
Id. at *6.
In Pork Antitrust: “The policy permitted Hormel to remotely remove company data from employees’ cell phones but did not allow Hormel to access or search text messages.” The Pork Antitrust court questioned use of the practical ability test in the employment context. Id. at *6. It differentiated between “asking” for documents and “demanding” them. Because Hormel’s policy did not “explicitly assert ownership,” Hormel did not have control. Id.
In Allergan:
The Special Master finds persuasive the reasoning of courts’ decisions in Pork Antitrust Litigation and Halabu Holdings as well as the recommendation of The Sedona Conference, and will apply the “legal right” standard to determine whether an employer (Revance) has Rule 34(a) control over its employees’ personal devices.
Id. at *7.
Allergan asserted that Revance had control over the devices under the legal right test “because they were used for work-related purposes.” Id. at *7. However, Master Presnell wrote that Allergan cited no supporting authority, distinguishing the cases that were cited. Additionally, “the Special Master understands that Revance has already searched, or is in the process of searching, for responsive emails in its employees’ Revance email accounts.” Id.
The Master determined that the Handbook’s “Cell Phone Policy” was for employee safety in that it prohibited conducting business while driving. Therefore, it did not establish control. Id. at *8.
He determined that the “Electronic and Social Media” policy, by its express definitional terms, applied only to company-owned cell phones. Id.
As such, the Handbook, standing alone, provides insufficient support for holding that Revance has the required Rule 34(a) control over its employees’ personal devices, such that Revance should be compelled to search their devices.
Id.
Turning to the BYOD policy, it, “whether standing alone or read in tandem with the Handbook—also does not support Allergan’s arguments.” Id. at *9.
The Special Master agrees with Revance. Just as in the BYOD policy in the Pork Antitrust case, Revance’s BYOD Policy does not authorize a search of its employees’ personal devices for any reason other than to inspect the “device configuration to ensure compliance with all applicable Revance information security policies.” … Moreover, the BYOD Policy is clear that the “code of conduct includes agreement to: … [c]onduct Revance Business on the mobile device only via the user’s Revance email account and Revance IT approved email application.” … As mentioned, Revance has already searched and agreed to produce company emails for each of the relevant custodians. But the Motion seeks the production of information beyond email, such as text messages. The BYOD Policy plainly forbidding the use of personal devices to conduct Revance business in applications other than email militates against a finding that Revance has Rule 34(a) control of those other applications.
Id. at *9.
The BYOD Policy plainly forbidding the use of personal devices to conduct Revance business in applications other than email militates against a finding that Revance has Rule 34(a) control of those other applications.
Allergan, Inc. v. Revance Therapeutics, Inc., 2025 WL 984792, *9 (Mar. 17, 2025).
In a “belts and suspenders” holding, the Special Master also found lack of control under the practical ability test, “for the same reasons that Revance does not have the legal right to require its employees to produce their personal-device data….” Id. He added:
Moreover, Allergan did not argue or otherwise establish that Revance obtains its employees’ personal-device data in the ordinary course of business, or that the Revance employees from whom personal devices are sought have cooperated in producing documents or have a financial interest in this litigation.
Id.
In my words, Revance’s course of conduct did not support Allergen.
In short, “without an agreement between Revance and its employees permitting Revance to search employees’ personal devices, explicit language in the policy giving Revance control over its employees’ personal-advice data, or more information about whether the subject employees actually used any other application on their personal phones for work purposes, the Special Master finds that Revance does not have Rule 34(a) control over the personal devices of employees Alexis Jammo, Domenico Vitarella, Todd Gross, and Roy Yoshimitsu.” Id. at *9.
…without an agreement between Revance and its employees permitting Revance to search employees’ personal devices, explicit language in the policy giving Revance control over its employees’ personal-advice data, or more information about whether the subject employees actually used any other application on their personal phones for work purposes, the Special Master finds that Revance does not have Rule 34(a) control over the personal devices of employees…
Allergan, Inc. v. Revance Therapeutics, Inc., 2025 WL 984792, *9 (Mar. 17, 2025).
In note 6, the Master wrote that he assumed the requests were proportional and stated: “Moreover, the parties’ briefing indicates that Allergan chose not to issue Rule 45 subpoenas directly to the subject employees and this Order therefore addresses only whether Revance has sufficient Rule 34(a) control over its employees’ personal devices to require it to obtain and produce data from those personal devices.” Non-defendant employees “are not immunized from discovery…..” Id. (citation and quotation omitted).
The Special Master approvingly discussed The Sedona Conference Commentary on Rule 34 and Rule 45 “Possession, Custody, or Control”, 17 Sedona Conf. J. 467, 484 (2016)). That paper was updated without change in 2024. See The Sedona Conference Commentary on Rule 34 and Rule 45 ‘Possession, Custody, or Control,’” 25 Sedona Conf. J. 2 (2024).
I have suggested the need for a national standard. Isn’t It Time for a Uniform National Standard on “Possession, Custody, or Control”? (Set. 7, 2022). “Possession, custody, or control” is an issue presented in most or all discovery responses.[1] As suggested by The Sedona Conference, the application of varying formulations of the bedrock “possession, custody, or control” concept is often contrary to the goals of uniformity and the just, speedy, and inexpensive resolution of each action. Id.; see also Possession, Custody, or Control – Part II (Oct. 27, 2023).
The District of Maryland and some other courts follow the “practical ability” test. See The “Practical Ability” Standard for “Control” in Maryland (Dec. 11, 2020); see, e.g., Goodman v. Praxair Servs., Inc., 632 F. Supp. 2d 494, 516 n. 11 (D. Md. 2009); In re Application of CBRE Glob. Invs. (NL) B.V., 2021 WL 2894721, at *3, 5 (S.D.N.Y. July 9, 2021); Bad Things Can Happen When Company Officers Use Their Private Email Accounts for Work (May 20, 2024)(“Several courts have rejected Defendant’s position that it has no control over the private email accounts of its Board Members even if they may have been using them to discuss Board-related matters. As one court has stated, ‘[s]uch an approach would gut Rule 34 and make it way too easy for high-level executives to hide evidence.’”).
One lesson is clear. Well-drafted information governance policies may be outcome-determinative in this murky area.[2]
Michael Berman, E-Discovery LLC.
One lesson is clear. Well-drafted information governance policies may be outcome-determinative in this murky area.[2]
Notes
[1] For example, please see Possession, Custody, or Control of Responsive Information by States Suing Meta (Sep. 12, 2024).
[2] For more detail on information governance, please see Bad Things Can Happen When Company Officers Use Their Private Email Accounts for Work.
Assisted by GAI and LLM Technologies per EDRM GAI and LLM Policy.
