Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Cloud Computing Presents Challenges in e-Discovery

By Jeffrey Ziplow
March 29, 2011

[Editor's Note: Cloud computing is being hailed as a next great hope for the entertainment industry, with consumers accessing content stored on third-party sites, rather than directly from the consumers' hard drives. But cloud computing is already used by many businesses, including those in the entertainment industry, to store their business records. This article examines issues in obtaining information from the cloud through litigation discovery.]

Cloud computing is alive and flourishing. It has become the popular technology tool for many who want to shift from local PC/Network computer storage and processing to external computers in “the cloud” (on the Internet) handling these types of services. e-Mail, word processing and financial systems are all examples of information that may no longer exist at a company's physical site and reside somewhere in cyberspace. Cloud computing technologies, however, can significantly impact how and where electronically stored information (ESI) resides, thus impacting the traditional e-discovery model.

Simply put, cloud computing is typically considered a subscription-based or pay-per-use service that is provided through the Internet. This also extends to the concept of Software-as-a-Service (SaaS). This includes software applications (e-mail, word processing, etc.) that are provided as a service to company employees via the Internet. Their information is stored on third-party network servers and not on in-house computers. Access to these applications is typically through a standard Web browser, allowing a user to access the information from virtually any location.

Sharing Space and Control

Most of the cloud computing facilities are multi-tenant, allowing multiple companies to share the same physical hardware and application capabilities while segregating and securing access to each company's information. The advantage to this type of service is cost and scalability. It's no longer necessary to invest in capital purchases to manage, maintain and build a physical infrastructure or to handle additional employees, software upgrades, storage requirements or business continuity planning. Most of the time, these elements are built into the cloud model.

In the past, most ESI for e-discovery was located on individual PCs or on a company's internal network servers. Computer forensic tools could be used to capture the ESI information in its pristine state. More importantly, the company had control over where the information was located and the retention policies, along with data backup practices and the ability to restore this information. In a cloud computing environment, all of this changes. A company may have limited control over many of these practices.

Attorneys (in conjunction with a firm's IT department) must now figure out where the ESI information resides. This is not necessarily an easy task. Cloud computing can drastically expand the ESI search requirements and significantly increase the difficulty and complexities of preserving, retrieving and producing this valuable information. Rule 34 of the Federal Rules of Civil Procedure allows the “requesting party or its representative to inspect, copy, test, or sample ' items in the responding party's possession, custody or control.” The key words here are “possession, custody and control.” Various court cases have established that a party is obligated to preserve and produce ESI information that is not in its possession or custody, but is in its control. Using cloud computing services will not absolve a party from e-discovery responsibilities; it will just make them more challenging.

Deleted Files

Another challenge for cloud computing is retrieving deleted files or other information located in unallocated hard disk space on the cloud provider's server. Traditionally, a computer forensic expert could access the hard drive of a PC or network server directly to identify and preserve this type of ESI information. However, in our new cloud computing model, a server will be stored off-site (maybe in another country), and may be shared between multiple cloud customers (multi-tenant).

Absent assigned hard drives or partitioning of server space, captured ESI could contain information from other cloud customers. Understandably, these companies would not want their data picked over by other parties. In addition, there may be no way to preserve or produce this data without causing significant disruptions to the cloud provider's operations and/or to their customers. Ultimately, the ability to retrieve deleted files or inspect unallocated disk space within a hard drive for a computer forensic examination would be severely limited in the cloud.

Conclusion

Putting one's head in the sand and claiming no control over cloud computing, and thus no ESI compliance, will not be received well by opposing counsel or the court. Instead, there is a practical responsibility for parties to recognize and understand how they can best control ESI in a cloud environment. Asking the right questions, signing up for the appropriate services and having a solid service level agreement can help.

Many cloud computing facilities provide a broad range of services to help protect ESI. An example of this is e-mail and IM archiving capabilities. This type of service can help companies manage document/file retention and allow for e-discovery searches with relative ease. Although there is an extra charge for this service, it may well be warranted to protect a company's responsibilities for ESI e-discovery. It should also help with litigation hold requirements.


Jeffrey Ziplow is a partner with BlumShapiro (www.blumshapiro.com), a regional accounting, tax and business-consulting firm with offices in West Hartford, Shelton and Westport, CT, and in Rockland, MA.

[Editor's Note: Cloud computing is being hailed as a next great hope for the entertainment industry, with consumers accessing content stored on third-party sites, rather than directly from the consumers' hard drives. But cloud computing is already used by many businesses, including those in the entertainment industry, to store their business records. This article examines issues in obtaining information from the cloud through litigation discovery.]

Cloud computing is alive and flourishing. It has become the popular technology tool for many who want to shift from local PC/Network computer storage and processing to external computers in “the cloud” (on the Internet) handling these types of services. e-Mail, word processing and financial systems are all examples of information that may no longer exist at a company's physical site and reside somewhere in cyberspace. Cloud computing technologies, however, can significantly impact how and where electronically stored information (ESI) resides, thus impacting the traditional e-discovery model.

Simply put, cloud computing is typically considered a subscription-based or pay-per-use service that is provided through the Internet. This also extends to the concept of Software-as-a-Service (SaaS). This includes software applications (e-mail, word processing, etc.) that are provided as a service to company employees via the Internet. Their information is stored on third-party network servers and not on in-house computers. Access to these applications is typically through a standard Web browser, allowing a user to access the information from virtually any location.

Sharing Space and Control

Most of the cloud computing facilities are multi-tenant, allowing multiple companies to share the same physical hardware and application capabilities while segregating and securing access to each company's information. The advantage to this type of service is cost and scalability. It's no longer necessary to invest in capital purchases to manage, maintain and build a physical infrastructure or to handle additional employees, software upgrades, storage requirements or business continuity planning. Most of the time, these elements are built into the cloud model.

In the past, most ESI for e-discovery was located on individual PCs or on a company's internal network servers. Computer forensic tools could be used to capture the ESI information in its pristine state. More importantly, the company had control over where the information was located and the retention policies, along with data backup practices and the ability to restore this information. In a cloud computing environment, all of this changes. A company may have limited control over many of these practices.

Attorneys (in conjunction with a firm's IT department) must now figure out where the ESI information resides. This is not necessarily an easy task. Cloud computing can drastically expand the ESI search requirements and significantly increase the difficulty and complexities of preserving, retrieving and producing this valuable information. Rule 34 of the Federal Rules of Civil Procedure allows the “requesting party or its representative to inspect, copy, test, or sample ' items in the responding party's possession, custody or control.” The key words here are “possession, custody and control.” Various court cases have established that a party is obligated to preserve and produce ESI information that is not in its possession or custody, but is in its control. Using cloud computing services will not absolve a party from e-discovery responsibilities; it will just make them more challenging.

Deleted Files

Another challenge for cloud computing is retrieving deleted files or other information located in unallocated hard disk space on the cloud provider's server. Traditionally, a computer forensic expert could access the hard drive of a PC or network server directly to identify and preserve this type of ESI information. However, in our new cloud computing model, a server will be stored off-site (maybe in another country), and may be shared between multiple cloud customers (multi-tenant).

Absent assigned hard drives or partitioning of server space, captured ESI could contain information from other cloud customers. Understandably, these companies would not want their data picked over by other parties. In addition, there may be no way to preserve or produce this data without causing significant disruptions to the cloud provider's operations and/or to their customers. Ultimately, the ability to retrieve deleted files or inspect unallocated disk space within a hard drive for a computer forensic examination would be severely limited in the cloud.

Conclusion

Putting one's head in the sand and claiming no control over cloud computing, and thus no ESI compliance, will not be received well by opposing counsel or the court. Instead, there is a practical responsibility for parties to recognize and understand how they can best control ESI in a cloud environment. Asking the right questions, signing up for the appropriate services and having a solid service level agreement can help.

Many cloud computing facilities provide a broad range of services to help protect ESI. An example of this is e-mail and IM archiving capabilities. This type of service can help companies manage document/file retention and allow for e-discovery searches with relative ease. Although there is an extra charge for this service, it may well be warranted to protect a company's responsibilities for ESI e-discovery. It should also help with litigation hold requirements.


Jeffrey Ziplow is a partner with BlumShapiro (www.blumshapiro.com), a regional accounting, tax and business-consulting firm with offices in West Hartford, Shelton and Westport, CT, and in Rockland, MA.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Fresh Filings Image

Notable recent court filings in entertainment law.