Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

E-discovery in the cloud? Not so easy

Tam Harbert | March 7, 2012
Your company is embroiled in a lawsuit, and your general counsel has come to IT for help in conducting e-discovery on a batch of data. You easily gather some of the information from storage in your data center, but some of it is sitting in the cloud. Easy enough, you think, to get that data as well.

"The key is to treat cloud-based sources of data like any other data source," Murphy concludes. "Include it in data maps, have a plan for collecting and preserving it, know how to manage the chain of custody, and understand when to dispose of the data so that it poses no e-discovery risk."

Questions to ask your cloud vendor

The key to setting successful e-discovery policies for cloud computing is knowing exactly what your cloud vendor will and will not do in the event of e-discovery. More than 70% of the respondents to eDJ Group's survey did not know their cloud vendor's policy in terms of responding to e-discovery needs.

Here are some questions that analysts recommend asking:

How would information be placed on legal hold?

How can the information be accessed by various parties?

How would the e-discovery functions of review and analysis be executed? Can you look at the data without having to download it?

What are the vendor's systems, data and backup procedures? Can it ensure that information is protected and redundant?

Exactly how is information stored? Is tenancy shared or do you get your own dedicated storage?

Where is the physical location of the stored data? Different countries have different regulations and law regarding data privacy and e-discovery.

Who bears the responsibility and cost of information collection and preservation? Who would be held liable for a failure to collect and preserve the information?

Will the cloud vendor agree to identify an employee to testify regarding preservation and collection? "Doing so goes a long way toward successfully managing the chain of custody of information," writes eDJ co-founder Barry Murphy.

Exactly how can the data be searched and collected or locked down? Some cloud vendors may not have the tools to do this.

How long would a large collection of data take? In what format would the cloud provider deliver the data? Unless these details are pinned down, your legal counsel might promise an unrealistic deadline for delivering data or, worse yet, not be able to meet the court's deadline.

How will you get the information back if the vendor goes out of business?

How long will the vendor retain your data? If the vendor discards it too soon, then it can "look to the plaintiff as if the defendant has found a way to shred their documents," says Much Shelist P.C. principal James Kunick.

Can you test the vendor's system to make sure you can access, search and/or download data promptly and properly?


Previous Page  1  2  3  4  5 

Sign up for Computerworld eNewsletters.