Earlier this year, I predicted that 2016 would be a year of increased focus on e-discovery from cloud-based sources and postulated that many organizations would demand better e-discovery solutions and increased cooperation from cloud providers. Industry experts agreed. So, what can proactive companies do to ensure that their cloud providers are on board for e-discovery purposes? Much can be accomplished before the contract is even signed. For most providers, e-discovery is not their primary concern, so their form agreements are unlikely to address, with any degree of specificity, key components that could make compliance with discovery requests smoother. While there is no one-size-fits-all answer, trying to get specific commitments incorporated into the provider agreement will go a long way towards streamlining compliance.

Some things to consider when negotiating cloud services include:

  • Who owns the data? Although it may seem obvious, it is important to expressly identify who owns the data being hosted in the cloud.
  • Where is the data stored? Even though it’s stored “in the cloud,” the data exists on a server that is physically located somewhere. And the location of that server can make a difference, particularly if it is located overseas in a country with stringent data privacy laws that make transferring data back to the U.S. cumbersome and time-consuming. Ask the questions up front to avoid surprises later.
  • How can you access the data? This is another simple point that can make a big difference—how do you go about getting your hands on your data when you need it? Is there a dedicated representative or point of contact? How long will it take? Will there be additional charges? What format will the data be in? Address these logistical concerns head-on in your negotiations. And don’t be afraid to get down to the details.
  • Will the provider comply with your record retention policy? As I’ve discussed before, the data you destroy (properly and in accordance with your record retention protocols) is as important as the data you keep. Consider including language requiring the provider to adhere to your data retention policies, including your litigation hold protocols. Give some additional thought to whether you want to reserve the right to conduct periodic audits to ensure compliance.
  • Will the provider notify you if it receives a subpoena for your data? Sometimes, providers are subpoenaed for their customers’ data directly. You’ll want to discuss with your provider how they handle this situation. Will they notify you? Within what time period? Will they cooperate with compliance or any motions to quash? Will they provide any required affidavits? Are there any additional fees?

E-discovery is never easy, but proactive consideration of these issues at the outset of a relationship with a cloud provider can help remove some of the frustration from collecting data from the cloud.

Andrea Donovan Napp

Andrea Donovan Napp is chair of the firm’s Electronic Discovery and Information Management Team. In addition to e-discovery, Andrea focuses her practice on complex commercial litigation, business torts, and market conduct cases, representing businesses, municipalities, and individuals in various jurisdictions. As chair of the Electronic Discovery and Information Management Team, Andrea coordinates Robinson+Cole’s use of the latest technology, such as Concordance, CaseMap, LAW, LiveNote, and various Web-based platforms, to achieve maximum efficiency and compliance for our clients. Andrea has significant experience in all aspects of e-discovery, including document retention and data management planning, development of defensible collection policies, and management of large scale reviews and production. She has managed several large, sophisticated e-discovery projects in government investigations and private litigation. Notably, she led United Technologies Corporation’s privilege review in the Department of Justice’s antitrust review of the largest-ever aerospace merger. She routinely counsels clients on the development of data retention policies, legal hold practices, and e-discovery response plans. Read her rc.com bio here.