5 Steps to Ensure Your Cloud Provider Is Ready for Ediscovery

Businesses need to be prepared when an ediscovery request is made pertaining to data being stored in the cloud. Here are five steps IT leaders can take to ensure that their cloud computing vendors don't get them into hot water when responding to electronic data discovery requests.

Identifying, retrieving, and producing electronically stored information (ESI) in response to a subpoena can be a time-consuming and costly business. Processing just one gigabyte of data in response to an electronic discovery (ediscovery) request can cost at least $30,000, according to the Sedona Conference Journal.

It's not surprising, then, that few cloud providers have yet addressed the issue of ediscovery responsibilities in their standard contracts. But that leaves enterprises with their ESI in the public cloud at risk. "Courts have shown little patience for companies that fail to meet their discovery obligations," says Kim Leffert, counsel in the litigation practice of Mayer Brown. "An excuse that 'the data is on an outsourcing provider's systems' will likely fall on deaf ears." Indeed, courts have issued sanctions for failing to respond to ediscovery requests, including fines, suit dismissals, default judgments, and even potential jail time.

A company that outsources its ESI to an third party has the same obligation to preserve and produce relevant data as it would if the information were housed on its own servers, says Leffert; they may even face more risk if the subpoena or discovery request goes directly to the cloud provider.

While ediscovery responsibilities are negotiated and written into most traditional outsourcing contracts, cloud computing providers have been reluctant to address the issue as it would require more customization than they say their business models are built to accommodate. And that's unlikely to change anytime soon. "We're probably in round one or two of cloud computing, and this is a round three, four, or five [issue]," says Leffert. "[Cloud computing] customers may not be thinking about it either. They may view cloud [offerings] as more of a storage thing--like taking boxes of documents and putting them into a records warehouse."

But smart IT leaders should be proactive about addressing the issue before the prospect of litigation or government investigation arises, especially since the time frames for responding to ediscovery requests are often limited. "Even if the time frame is two months, that could be very short if you're talking about producing and reviewing 2 million documents," says Leffert. "A request to get six months of emails from one person is one thing; three years of emails from 100 people that's something else. It's all a matter of scale."

1 2 Page 1
Page 1 of 2
Download CIO's Roadmap Report: 5G in the Enterprise