POSTED IN E-DISCOVERY
Earlier this year, I predicted
that 2016 would be a year of increased focus on e-discovery from cloud-based sources and postulated that many
organizations would demand better e-discovery solutions and increased
cooperation from cloud providers. Industry experts agreed.
So, what can proactive companies do to ensure
that their cloud providers are on board for e-discovery purposes? Much can
be accomplished before the contract is even signed. For most providers,
e-discovery is not their primary concern so their form agreements are unlikely
to address with any degree of specificity key components that could make
compliance with discovery requests smoother.
While there is no one-size
fits all answer, trying to get specific commitments incorporated into the
provider agreement will go a long way towards streamlining compliance.
Some things to consider when
negotiating cloud services include:
·
Who owns the data? Although it may seem obvious,
it is important to expressly identify who owns the data being hosted in the
cloud.
·
Where is the data stored? Even though it’s stored
“in the cloud,” the data exists on a server that is physically located somewhere. And
the location of that server can make a difference, particularly if it is
located overseas in a country with stringent data privacy laws that make
transferring data back to the U.S. cumbersome and time-consuming. Ask the questions upfront to avoid surprise
later.
·
How can you access the data? This is another
simple point that can make a big difference—how do you go about getting your
hands on your data when you need it? Is there a dedicated representative or
point of contact? How long will it take? Will there be additional
charges? What format will the data be in? Address these logistical
concerns head on in your negotiations. And don’t be afraid to get down to
the details.
·
Will the provider comply with your record retention
policy? As I’ve discussed before, the data you destroy
(properly and in accordance with your record retention protocols) is as
important as the data you keep. Consider including language requiring the
provider to adhere to your data retention policies, including your litigation
hold protocols. Give some additional thoughts as to whether you want to
reserve the right to conduct periodic audits to ensure compliance.
·
Will the provider notify you if it receives a subpoena
for your data? Sometimes, providers are subpoenaed for their customer’s
data directly. You’ll want to discuss with your provider how they handle
this situation. Will they notify you? Within what time
period? Will they cooperate with compliance or any motions to quash? Will
they provider any required affidavits? Are there any additional fees?
E-discovery is never easy but
proactive consideration of these issues at the outset of a relationship with a
cloud provider can help remove some of the frustration from collecting data
from the cloud.
No comments:
Post a Comment