The increasing popularity of cloud services and storage is making eDiscovery tricky – and expensive. Utilizing third-party data centers for storage doesn’t mean organizations are off the hook to provide information. It does mean, however, that retrieving that data often gets a lot more complicated. Here are seven ways in which cloud computing and electronic discovery are impacting each other.
1. Accessibility Challenges
With a growing number of private customers and companies storing sensitive data in the cloud, the problems associated with accessing or retrieving those digital records have become a real issue. If the cloud service provider lacks the proper backup records, or isn’t able to easily comply with the request for data retrieval, the time and effort needed to extract that data will increase exponentially.
2. Changing Estimates
The promotion of cloud storage as a faster, easier solution for keeping data secure has given rise to the incorrect assumption that getting data out of the cloud is just as easy as the initial upload process. This isn’t necessarily true, especially with regard to legal proceedings. With looming deadlines for the delivery of pertinent information, companies too often underestimate how long it will take to retrieve evidence.
3. Missing Permissions
When corporate data is hosted by cloud service providers who operate with consumer-grade services, permissions problems soon appear. Many users are accessing the cloud without the knowledge or consent of their IT team, let alone their corporate counsel. This leaves businesses vulnerable due to the individuals’ ignorance of eDiscovery compliance requirements.
4. Terms of Service
Every cloud service provider has an extensive set of terms and conditions its users must abide by. Although these may be perfectly adequate for daily operations, such guidelines often fail to support eDiscovery requirements that are common at the enterprise level.
5. Lack of Accountability
Data can’t be collected if its existence isn’t recorded anywhere, and many cloud storage providers fail to keep detailed log records indicating when and where actions occurred. Without the ability to track these actions, companies may remain unaware of the use of external cloud sources, especially by employees who are no longer with the company. This renders information undiscoverable.
6. Policy Changes
With the increase in company use of cloud storage, it’s clear that vendor policies must shift to address potential eDiscovery needs. The definitions for requiring electronically-stored information to be collected and preserved in a defensible manner have not changed, regardless of whether data is stored with a third party provider.
7. Adapting
Adjustments in the way cloud storage is handled are taking place from the ground up, as service providers begin incorporating eDiscovery requirements into their infrastructure. Even offshore data centers are not exempt from discovery.
Although cloud service providers may not have specific metrics in place which address the requirements of discovery, this is no reason for companies to absolve themselves of responsibility. Every company is still responsible for maintaining legal and compliance obligations, regardless of whether they utilize a third party. With proper planning, and a system for keeping trackable tabs on their data, companies can save time and money by utilizing the advantages of the cloud, while not getting caught out in the rain in case of eDiscovery.