Exactly this.
I've been in a lawsuit with Oracle (as engineer, not direct). And their discovery hit EVERYTHING.
If I used work devices for personal messages, my personal messages would absolutely been in scope.
Or if I used personal devices for work, my personal devices are now in scope. Hell NO!
My work laptop is on my personal network. Its also on its own vlan and can only talk to the imternet, and not fellow devices. And I can attest to that as much if I'm ever called in for a discovery hearing.
Discovery doesn't work like that in Europe though. It's not nearly as all-encompassing. And personal messages definitely would not be in scope. I think this is one of the reasons there is so much difference in strategy.
When we get requests to "legal hold" an account for discovery, this is always coming from the US.
That is more of a problem with the insane discovery system in the US than with anything else. If you had worked in Europe, GDPR would have protected your personal data from being sent over, as the Credit Suisse case has shown. They had to scrub all personal data before transferring files to a US counsel.
> Or if I used personal devices for work, my personal devices are now in scope. Hell NO!
In Europe, unless it's a criminal investigation, which this wouldn't be, there is no way a lawsuit would touch your personal devices if you didn't agree (and mostly also nobody would care I think).
I have my work items on a separate network as well but my motivation is more not trusting some random item being pushed down from corp and having it scan my network or something.