We previously addressed the scope of the duty to preserve. Once you determine when the duty to preserve commenced, you need to identify what needs to be preserved. While the scope of this duty has not changed dramatically over the years, the location, type and amount of information included within that duty has exploded in the past decade due to the advancement of technology and growth of social media outlets. This expansion of available outlets and the ease of creating information has substantially increased the complexity of issues associated with complying with the duty to preserve.
One of the most significant developments involves the use of third party data storage providers or “cloud providers.” Storage of information in the cloud affords companies numerous advantages, most significantly, the cost savings associated with data storage. Placing data in the cloud allows companies to replace portions of their existing technology infrastructure with third party data storage providers. But the convenience and related cost savings are not without risks. The most serious risks include preservation of confidentiality and security of the data as well as the ability to comply fully with preservation obligations on a timely basis.
A second consideration is how the cloud service provider will respond to third-party subpoenas
and/or requests for information. A company should confirm that it will be notified immediately of any such request and that information will not be produced without affording the company an opportunity to respond to the request.