A Fortune 20 company was all set to move its e-mail and collaboration systems to the cloud. The business case was obvious: It would be cheaper, more scalable, and easier to manage. The chief information officer was about to pull the trigger.
Only one problem: The company hadn't considered the move's implications on e-discovery. Where would the data be stored? How quickly could it be accessed, analyzed, and removed for delivery to the opposing litigant? When would e-mails and other data be deleted? How could they prove that documents had not been manipulated?
Barry Murphy, principal analyst with the consulting firm eDJ Group and a contributor to eDiscovery Journal, raised some of these questions. While the cloud is still in the company's plans, it has scaled back and slowed the migration. e-Discovery concerns “prevented the IT team from going out and saying, ‘Here's our mail—just manage it for us,'” Murphy says.
Just as the varieties of cloud are diverse—private, public, and hybrid; involving infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS)—so too are the cloud's implications on e-discovery. There are two important e-discovery considerations with respect to the cloud. The first relates to dealing with corporate data being stored in the cloud. The second has to do with how vendors harness cloud technology to collect, process, and review data destined for legal proceedings.
If the 500 information managers responding to the Association for Information and Image Management's information governance survey are any measure, how e-discovery plays out in the cloud should be of broad interest. More of those surveyed listed “excess litigation costs or damages resulting from poor recordkeeping” as a top-three information-governance risk than any other concern. At the same time, however, 53 percent remained reliant on manual searchers on file shares, e-mail, and physical paper records, said Doug Miles, head of market intelligence for the AIIM.
Also, he said, for all the popularity of the cloud, Corporate America does not appear to be condensing its sensitive data into it. Nearly half of AIIM survey respondents said they wouldn't—or probably wouldn't—move to the cloud for their records, with 38 percent saying they're waiting for more mature security and reliability. Just 16 percent already had their records in the cloud or planned on moving them there soon. “Most analysts would say, ‘Everybody's on the cloud already, aren't they?'” Miles said. “Well, no.”
The reticence may have something to do with the many fonts of uncertainty inherent in emerging technology. “The question with cloud computing is whether it's going to make e-discovery harder or easier, more or less expensive, and offer more or less control,” says Todd Nunn, a partner with law firm K&L Gates. “It can really go both ways.”
Nunn and other experts stressed that companies should build e-discovery needs into service-level agreements (SLAs) before sending their data to the cloud. “You can see it as a train wreck waiting to happen if you don't think about these things in advance,” says Michael Lackey, a partner in charge of law firm Mayer Brown's Washington D.C. practice.
Avoid click-through agreements if at all possible, says David Stanton, a partner with law firm Pillsbury Winthrop Shaw Pittman. These are boilerplate, legally binding “contracts of adhesion” that automatically go into force when you click past the fine print without really reading it anyway. Under such agreements, e-discovery has the potential of becoming cumbersome, expensive, or both, Stanton says. The good news, though, is that, “If you're a larger company with a significant amount of data, you can bypass it and call the company,” Stanton adds.
“The question with cloud computing is whether it's going to make e-discovery harder or easier, more or less expensive, and offer more or less control.”
—Todd Nunn,
Partner,
K&L Gates
In negotiating with a cloud provider, getting answers to a few key questions can help put corporate attorneys at ease, says Michele Lange, director of thought leadership at Kroll Ontrack, a provider of data management and recovery services. First, assess the cloud provider's reputation for integrity, she says. Then ask: Where will the data be located? How can we access it? How will it be preserved? How will it be secured?
Murphy says SLAs should include language as to how quickly e-discovery-related searches should run and how quickly the data will be available to the legal team. While no cloud provider will offer full indemnification, “If you get sanctioned $300,000 for not producing data quickly enough because the cloud vendor fell and couldn't do it, you can build in some ways to recoup costs,” he says.
Other contractual stipulations might include ensuring that e-mail metadata is preserved, specifying copyright ownership of your data, clarifying country locations and cloud-service sub-contracting arrangements, and providing notification of subpoenas, Stanton added.
Sophisticated cloud providers understand e-discovery, are responding, and are already marketing to e-discovery needs, Lackey says. That marketing may not have much behind it, though, warns Stanton.
“You'll see marketing materials that say ‘e-discovery compliance' and it doesn't mean anything. They don't know what they're doing,” Stanton says. The issue, he says, is that most cloud providers are in the business of getting data in and getting you access to it—and not in getting a lot of data out quickly. There may or may not be a mechanism to extract it. Or if there is a mechanism, it might be an exorbitantly priced add-on, he adds.
There's a good way to avoid this pitfall, Lackey says. “I would have them actually demo the technology. There are a lot of claims out there in the technology space, and a lot of times they don't live up to the hype,” he says.
And if your data's already in the cloud? A demo may be the part of the answer here, too. Stanton suggests working quietly with the cloud provider's on-the-ground staff to run a hypothetical e-discovery test case to see what's going to happen if they need to pull e-mails from, say, 15 people.
e-Discovery as a Service
The second part of the e-discovery-in-the-cloud story—vendors using the cloud for e-discovery document processing and analysis—is more straightforward. The appeal of moving e-discovery processing to the cloud using the SaaS model is the appeal of the cloud itself: no hardware or software to buy, no IT infrastructure to maintain, scalability for surprise lawsuits, and, presumably, lower cost. Often, it's an extension of traditional e-discovery outsourcing arrangements. “This isn't anything new despite vendors making it sound like it's new,” says Kroll Ontack's Lange.
MOVING TO THE CLOUD?
Respondents to the AIIM information governance survey were asked if they would consider adopting a Cloud/SaaS system for recordkeeping. Below are their responses.
Source: AIIM.
In the past, though, the processing engines driving e-discovery often ran on dedicated boxes. With the cloud, that process can move to virtualized services of an e-discovery vendor's private cloud or to the public cloud itself.
An example of the latter is X1 Discovery, whose software can be leased on demand in Amazon Web Services' cloud. The key, says X1 Discovery CEO John Patzakis, is that the SaaS provider has good data connectors into target cloud sites. “It's no different than where you have a solution that connects into a Sharepoint or Documentum repository,” Patzakis says.
Also central to technologies like those of X1 Discovery and Kroll Ontrack's Verve is the intelligent, cloud-based filtering of huge numbers of documents across many virtual servers using predictive-coding logic. It's saving countless hours of attorney time already, and that's only the beginning.
“It's not a question of whether e-discovery will primarily live in the cloud,” says Lange. “It's a question of when.”
No comments yet