While use of cloud computing continues to grow, the Federal Rules of Civil Procedure and most state civil rules have not caught up with this technology. Current rules do not provide any specific guidelines for preserving and producing electronically stored information (ESI) in a shared environment. And not surprisingly, there are few court rulings interpreting how the civil rules should operate in the cloud. This leaves in-house counsel and its outside counsel litigation team with little guidance when formulating a plan for managing company data stored in a cloud in the face of a large and complex piece of litigation.
If you find yourself in these shoes, here are some essential steps to take in order to fulfill your e-discovery obligations for preserving and producing data stored in a cloud.
In the past few years, the American Bar Association and many state bars have issued ethics opinions that bless the use of a cloud in e-discovery provided that certain safeguards exist for protecting client data. This means you need to exercise due diligence and cannot blindly rely on the provider’s word. Because the data is being maintained by a third-party host, steps must be taken to make sure the data is not being accessed by non-essential third parties to the relationship and that reasonable precautions are made to maintain confidentiality. Understand who else is storing data in the cloud. Many cloud providers use the same processors and storage devices to service multiple clients. Learn how the system works and is designed so that there is no risk of commingling or unauthorized access to the data. Confirm that the provider’s written policies state that all company data will be kept confidential and secure.