Does your bring-your-own-device (BYOD) policy quietly wall-off the best evidence in your next case? A March 17, 2025 Special-Master ruling in Allergan, Inc. v. Revance Therapeutics, Inc. says it might—denying a motion to compel searches of four employees’ personal phones because the employer lacked “possession, custody, or control” under both Rule 34 control tests.
Why Litigators Should Care
- Mobile data is everywhere. Texts, WhatsApp threads, and Signal chats often hold the smoking gun.
- Discovery cost rides on control. If the company controls the device, you can force production; if not, you’re filing Rule 45 subpoenas (and burning budget).
- Courts are split. Allergan adopts the Legal-Right test and—importantly—finds no control even if the Practical-Ability test applied, while Judge Boyle’s Miramontes v. Peraton favors a fact-specific approach that can rope in personal phones.
The Facts in a Nutshell
Allergan claims Revance poached employees—and Botox trade secrets. To prove it, Allergan demanded that Revance search the personal phones of four ex-Allergan staffers now working for Revance.
Revance’s playbook that the Special Master analyzed to determine “control” under Rule 34 consisted of the following:
- Employee handbook – declares company ownership of “electronic communications,” including texts.
- BYOD policy – lets employees use personal phones only for corporate e-mail, allows compliance inspections, and reserves the right to remote-wipe devices.
Allergan said that language gave Revance control. Revance said Rule 34 requires something stronger.
The Ruling: No Control Under Either Test
The Special Master surveyed a decade of precedent and adopted the Legal-Right Standard: an employer must have a contractual or statutory right to seize or demand the data on cue.
- Handbook ≠ legal right. Broad “we own the data” language wasn’t enough; it lacked a clause letting Revance compel employees to turn over phones.
- BYOD narrowed the scope. Because the policy limited business use to corporate e-mail (collected elsewhere), Revance had no duty—or right—to rummage through messaging apps.
- Practical-Ability also failed. Even if that less-stringent test applied, Revance had no real-world leverage to force production, and Allergan offered no evidence that Revance routinely harvested personal-device data or that the four employees were cooperating or financially tied to the litigation.
Control Standards Compared
Practical Takeaways
For In-House Counsel & IG Teams
- Audit your BYOD policy—yesterday. Want discovery control? Spell out rights to inspect, collect, and preserve all work-related data on personal devices, including messaging apps and cloud backups. Prefer to avoid that duty? Limit allowed uses as Revance did.
- Sync handbooks and policies. Inconsistent language invites motion practice.
For Litigators Drafting ESI Protocols
- Decide on mobile data up front. Negotiate device scope early; a clear clause beats Rule 34 brinksmanship.
- Build the factual record. If you plan to compel, marshal evidence that employees actually used texts, Slack, or WhatsApp for business. The record was thin in Allergan, and it showed.
- Remember Rule 45. When an employer escapes control, subpoena the individuals—exactly what plaintiffs did after In re Pork.
For Everyone
- Offer BYOD-readiness workshops. Clients need playbooks for remote-wipe tools, consent flows, and defensible mobile collections.
- Track the split. Tennessee’s view today isn’t Texas’s view yesterday.
The Bottom Line
BYOD is no longer a throw-away paragraph in the employee handbook; it’s a litigation landmine. Allergan v. Revance shows that narrowly drafted policies can insulate personal-phone data from corporate discovery duties—under both control tests. Decide which side of the shield your organization wants to stand on, tighten the language, and bake that decision into every ESI protocol you sign.
Because in 2025, the question isn’t whether personal devices hold critical evidence. It’s who controls it when the subpoena hits your inbox.
