Today, many companies are knowingly or unknowingly storing discoverable information assets in the cloud. While cloud storage provides numerous conveniences, it also leaves companies vulnerable to significant discovery-related court fines and incapable of making informed legal decisions quickly when faced with litigation.
A decade ago, companies experienced similar challenges when they began storing information in diverse repositories such as email systems and network file shares, as well as desktops, laptops, and other locations. When e-discovery emerged as a major issue in the early 2000s, companies found themselves unable to efficiently collect information from these distributed sources due to their failure to enact holistic e-discovery plans for each source of information.
Litigation is a fact of life. Whether a large enterprise or a small business, every company is responsible for finding and producing its digital information in the event of a legal investigation or regulatory requests. Amendments to the Federal Rules of Civil Procedure (FRCP), brought into effect in 2006, place the burden of e-discovery accountability squarely on companies’ shoulders. The result has been higher e-discovery costs and tighter timeframes for producing potentially responsive information. For most companies, e-discovery is a reactive and expensive firefight.
One of the reasons that companies look to cloud-based storage solutions, such as hosted email archiving, is to minimize the reactive nature of e-discovery. However, without a strategic and clearly articulated plan, companies may be surprised to learn that access to information may be limited. In the early days of hosted email archiving, companies were often caught off guard by discovery searches that took weeks to return results because service levels had not been pre-negotiated with the vendor. By proactively managing information and defining what needs to happen in the event of e-discovery, companies can reduce downstream costs associated with processing and legal review.
More specifically, companies should request that cloud vendors provide documentation of systems, data and backup procedures to ensure information is protected and redundant. Before choosing a cloud vendor, companies should determine the physical location of information and the applicable legal/regulatory rules that apply to where information can be stored. It is also important to ascertain exactly how information is stored (e.g. dedicated storage versus shared storage.)
Companies should address information preservation and collection obligations, including costs, and define any vendor liability that could exist for failure to preserve and collect. They should also identify a vendor employee who is appointed to testify regarding preservation and collection issues; doing so goes a long way toward successfully managing the chain of custody of information.