chevron-down Created with Sketch Beta.
July 08, 2020 Feature

Dealing with Demands for Phone Inspections and Social Media Account Data during Claim Investigations

By Justin Rudin
Nastco/iStock/Getty Images Plus

Nastco/iStock/Getty Images Plus

Collection-and-review protocols afford the disclosing party the opportunity to identify and protect privileged, irrelevant, and confidential information.

The typical first-party property insurance policy requires the insured to “cooperate” with the insurer’s investigation in the event of loss or to perform other postloss duties that the insurer requests, such as producing records and documents. The consequence of failing to perform these obligations can be the denial of the claim.

Relying on these postloss duties during investigations of first-party property insurance claims for fire and theft when foul play is suspected, insurers increasingly are demanding that insureds turn over their cell phones for forensic examination and produce their social media account activity. How should such demands be handled?

Relevance of Phone and Social Media Data

Forensic analysis of modern smartphones can reveal the user’s location history, call history, voice mails, text messages, emails, photos (including where and when they were taken), web searches and browsing history, and much more. Even deleted information can be recovered. These types of forensic examinations involve the use of specialized software to extract a “mirror image” of all of the device’s data, which is then downloaded and sorted by the examiner into a readable format.

Similarly, Facebook, a social media platform used by nearly seven out of 10 U.S. adults, according to a 2019 study, records all of a user’s activity on Facebook since the account was opened.1 With just a few mouse clicks, a person can download a user’s entire Facebook account or archive to a zip file. The archive includes, among other things, everything that the user has posted, including photos and videos, the user’s list of “friends,” IP addresses used to log in to the account, transcripts of “Messenger” conversations, and the history of calls and texts to contacts, which Facebook mines from the user’s phone—often without the user’s knowledge. This activity download does not differentiate content based on privacy settings or the user’s intended audience but instead lumps everything together.

Some of this information may be relevant to an insurer’s investigation. A phone’s GPS location data may help pinpoint an insured’s whereabouts at the time of a fire. Other obvious examples include text messages or social media communications involving discussions about procuring a loss or confirming whether an insured has knowledge of a particular matter or event or communicates with a person of interest.

But, at the same time, much or perhaps all of the data on an insured’s phone or from an insured’s social media account may contain highly personal and/or irrelevant information. Browsing histories containing an insured’s private interests or concerns, salacious photos, and conversations dealing with relationships and other intimate details of a person’s life are a few examples of potentially embarrassing information that may have no relevance to the claim investigation. An insurer’s request to forensically examine the insured’s phone or obtain the insured’s social media archive is akin to asking an insured in the predigital age to allow the insurer to come into the insured’s home and just look around at anything and everything it wants to inspect, including all of the insured’s photographs, letters, and even diary entries.

Legal Limits to Insurer Demands

Policyholders faced with a demand by their insurer to permit forensic inspection of their mobile phone or social media account, like Facebook, pursuant to their policy’s postloss duty to cooperate should keep in mind that this obligation does not mean that an insurer is entitled to anything and everything requested. Rather, the insurer’s requests for information must be material to the circumstances giving rise to liability on its part.2

For example, Chavis v. State Farm Fire & Casualty Co. dealt with a broad release of financial information, with the insurer requesting the insured to “authorize any representative of all banks and/or any type of lending institution which I have done any business with to consult with and/or deliver to any representative of [the insurer] any and all records referred to or requested by any representative of [the insurer].”3 In this case, the North Carolina Supreme Court found that an insurer does not have an “unlimited right to roam at will through all of the insureds’ . . . records without the restriction of reasonableness and specificity. Such an obligation would subject an insured to endless document production . . . as the insurer fished for evidence on which to build [its] defense.”4 The Washington Supreme Court, in Tran v. State Farm Fire & Casualty Co., agreed that “an insurance company should not have license to burden an insured with demands for items that are immaterial.”5 Courts addressing discovery disputes over electronic data and social media information under the rules of civil procedure have taken a similar view.6 Thus, one of the key factors that courts consider before ordering forensic examination of electronic devices is the specificity of the request and its relevance to the action.7

Responding to Insurer Demands

In light of these principles, policyholders should respond to carriers demanding a cell phone inspection or production of social media activity by expressing their legitimate concerns that these requests will involve the disclosure of private and irrelevant information. Insureds should ask their insurers the following:

  • What type of information is being sought from the cell phone or social media account?
  • Is there a less intrusive way to provide the information sought?

When addressed in this manner, most carriers respond by identifying the specific type of information sought relating to the investigation. The probable reason is that a court likely would not find that an insured breached the insured’s duty to cooperate where the insurer failed to specify the relevant information being sought and instead insisted on carte blanche access to all information contained in the insured’s mobile device and social media account.8

If there is no less intrusive way to provide the information sought, a well-drafted protocol should be considered. Forensic examinations of mobile devices require an extraction of all of the items from a specified category from the device before sorting through the data; in other words, the extraction cannot be limited to a certain time period or to certain subjects (e.g., if text messages are sought, all text messages will be collected—not just those involving conversations between specific people or phone numbers). For this reason, the insured should propose a protocol addressing (1) the independent examiner performing the inspection, (2) the gathering of the information by the examiner that is responsive to the insurer’s request, (3) a procedure allowing the insured to review the information obtained for privilege and relevance to the claim and then prepare a privilege log describing any information to which the insured objects to disclosing and the basis for the objection, and (4) a mechanism for resolving any disputes over information identified on the privilege log via a court or other third party.

This approach has been adopted by state and federal courts alike in cases where forensic examinations of electronic devices have been permitted in discovery.9 The purpose of these collection-and-review protocols is twofold: (1) they allow the requesting party to obtain relevant information from the other party’s phone or computer; and (2) at the same time, they afford the disclosing party the opportunity to identify and protect privileged, irrelevant, and confidential information.10

Facebook account archives can be obtained by following a few simple steps, and the information will be presented in a readable and fairly organized format. Any concerns that the carrier may have as to whether all of the information specifically requested is being provided can conceivably be addressed by borrowing some of the concepts from the collection-and-review protocol, at the carrier’s expense.


Cell phone data and social media account archives, as well as other forms of electronic information, are becoming more and more a part of insurance claim investigations. In light of this, policyholders should be proactive in addressing blanket demands for examination of their mobile devices and social media accounts. Insurers should specify the type of information sought that is relevant to their investigation, and a protocol should be agreed upon as appropriate. If the two sides are reasonable, then both the insurer’s concerns about obtaining information material to its investigation and the insured’s concerns about handing over private, potentially embarrassing, and irrelevant information can be alleviated.


1. Social Fact Media Sheet, Pew Res. Ctr. (June 12, 2019),

2. Chavis v. State Farm Fire & Cas. Co., 346 S.E.2d 496, 498 (N.C. 1986); Tran v. State Farm Fire & Cas. Co., 961 P.2d 358 (Wash. 1998).

3. 346 S.E.2d at 498 (emphasis added).

4. Id. at 499.

5. 961 P.2d at 367.

6. Appler v. Mead Johnson & Co., LLC, No. 3:14-cv-166-RLY-WGH, 2015 WL 5615038, at *4 (S.D. Ind. Sept. 24, 2015); Ogden v. All-State Career Sch., 299 F.R.D. 446, 450 (W.D. Pa. 2014); Tompkins v. Detroit Metro. Airport, 278 F.R.D. 387, 388 (E.D. Mich. 2012); McCann v. Harleysville Ins. Co. of N.Y., 78 A.D.3d 1524, 1525 (N.Y. App. Div. 2010).

7. See John B. v. Goetz, 531 F.3d 448, 459–60 (6th Cir. 2008) (denying request for forensic imaging because it was “extremely broad in nature” and the connection between the devices and the claims was “unduly vague or unsubstantiated in nature”); Ramos v. Hopele of Ft. Lauderdale, LLC, No. 17-62100-CIV, 2018 WL 1383188 (S.D. Fla. Mar. 19, 2018) (denying request for forensic examination of cell phone because it was not “tailored to obtain information that is relevant to any claim or defense in this case”); Bakhit v. Safety Marking, Inc., No. 3:13-cv-1049, 2014 WL 2916490, at *2 (D. Conn. June 26, 2014) (denying request for inspection because it was overbroad, the requesting party did not show that it could not obtain the information elsewhere, and the request implicated privacy concerns in the cell phone data); Freres v. Xyngular Corp., No. 2:13-cv-400-DAK-PMW, 2014 WL 1320273, at *4 (D. Utah Mar. 31, 2014) (granting motion to compel examination of the plaintiff’s cell phone where the defendant sought “narrow category of information”).

8. See Blinco v. Preferred Mut. Ins. Co., 11 A.D.3d 924 (N.Y. App. Div. 2004) (finding that the insurer failed to establish noncooperation because the insured’s objection to “broad scope of documentation” requested by the insurer seeking “any and every claim” made by the insured “to or against an insurance company” was not unreasonable); Chavis, 346 S.E.2d at 499 (“Had defendant’s request for banking information been reasonably specific plaintiffs would have been obligated to produce the requested documents. We hold therefore that plaintiffs were justified as a matter of law in refusing to sign this overbroad release.”); Pilgrim v. State Farm Fire & Cas. Ins. Co., 950 P.2d 479, 483 (Wash. Ct. App. 1997) (“[A]n insured does not need to supply information unrelated to the policy or investigation of the claim.”).

9. See Wynmoor Cmty. Council, Inc. v. QBE Ins. Corp., 280 F.R.D. 681, 687–88 (S.D. Fla. 2012); Koosharem Corp. v. Spec Personnel, LLC, No. 6:08-583-HFF-WMC, 2008 WL 4458864, at *2–3 (D.S.C. Sept. 29, 2008); Crosmun v. Trs. of Fayetteville Tech. Cmty. Coll., 832 S.E.2d 223, 234 (N.C. Ct. App. 2019); Bennett v. Martin, 928 N.E.2d 763, 776 (Ohio Ct. App. 2009).

10. Bennett, 928 N.E.2d at 776.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Justin Rudin


Justin Rudin serves as counsel for insurance solutions at Airbnb, Inc. Before assuming this role he was an associate at Rutter & Russin LLC, where he devoted his practice to representing insurance policyholders. He also served as vice-chair of the TIPS Property Insurance Law Committee.