There is something that not many people seem to realize about how your personal email can get sucked into a lawsuit filed against your company. It all comes down to ediscovery...
The Setup
Your company is named as a party to a suit. As part of that suit, Opposing Counsel files a discovery request for, "all communications, including but not limited to corporate email and messaging systems, between IT employees that mention the words cloud, ${plaintiff name}, or ${project name}"
Your email is going to get sucked into the ediscovery vortex.
The Problem
Where are they going to search for that data?
- The corporate email service is going to get sucked dry.
- If your company doesn't have a document retention policy, backups going back up to seven years may have to be restored and filtered for responsive email.
- The corporate IM and Chat facilities, if any. Which may include paid third party services such as Campfire.
- Dumps of key employee laptops to sift through offline email archives.
- Employee phones to filter for locally cached email and message data (such as SMS) that isn't on the corporate servers.
And probably more. There are collection specialist agencies out there that know where all of the places messages hide and will find them.
Once all that data is collected it then has to be sifted through for responsiveness (is relevant to the case). This is getting easier every year, and my old company is one such vendor that is making it even easier to sift through 10's of gigabytes of email and message data. Full-text indexing is pretty good these days.
But what did they get along with all of that collected data?
Case 1: You went with the 2nd Phone and didn't put any work apps or communications on your personal phone
In this case your work phone will get dumped and sifted through for responsiveness. Your work email and SMS traffic, as well as any app-caches will get included within the discovery horizon. The SMS conversation between you and a coworker about, "Those bastards at ${plaintiff agency} and their latest unreasonable request" will be included in the data heading to their lawyers. You're not supposed to talk like that about clients, even in private, but it was the end of a bad couple weeks and you slipped up. Oops.
Or you were a good worker-bee and had that conversation on your personal devices that have no connection to work. Your personal devices are not included in any reasonable discovery horizon unless specifically named, and you weren't. This venting happens off the clock, between employees bound by the same privacy rules, on personal property. Whew! Your company's legal team now has less work on their hands.
Case 2a: You take the data stipend and put all the corporate apps on your own phone
Case 2b: You take the 2nd phone and put your personal messaging on the company phone for convenience
Both of these cases have the same liability problem, personal and corporate messaging sharing the same device, so I'm lumping them together.
Remember that bad month, when ${plaintiff agency} was driving everyone to distraction? And the day you got out of work three hours late and ended up on the last train, which is the local, which meant you got home at 1am? And all that time you had, in which you composed a blistering email to your partner detailing the total injustice you experienced in the past month at the hands of ${plaintiff agency} and their never sufficiently damned ${project}? And how your language got a bit blue? And how you fantasized about what mishaps could "happen" to that project, "accidentally"? And you ended up teaching auto-correct new words to express your displeasure?
Good thing you used your personal email account to your partner who is also on the same messaging system.
Oh wait. Your corporate email is on that same device, so that device is going to get collected.
Including the local cache of your private email account. And the local copy of that email.
Your company's legal team now has a big problem on their hands and you just might be out of a job, for cause.
Seriously, maintaining a work/personal firewall in your communications benefits everyone. It benefits the Company, since it limits liability in ediscovery, and it benefits the worker by allowing them a communications medium that isn't subject to corporate law ediscovery requests.
That firewall can still be breached, but it requires work. It requires establishing a pattern of behavior of certain employees that they routinely performed corporate communication outside of the corporate systems. Such as discovering a Dropbox account with company files in it, or lots of email forwarded to an employee's personal account.
Either way, if you're offered a choice between a stipend and a phone, get the 2nd phone however you can. Maybe that $50/mo is enough for a second phone you buy yourself. This is important enough to ask future employers what their cell policy is as part of the interview and negotiation process.