Some Cloud Data Locations Could Derail Your eDiscovery Strategy

cloud_storage_derailedElectronic records management is supposed to make your data easier to manage and access, but when it comes to eDiscovery requests, the server location housing your data may make it more difficult to deliver timely, unspoiliated documents to requesting counsel. Understanding how data location impacts eDiscovery processes can help you select the right vendor for your enterprise content management solutions.

Disparate Locations and Subcontractors

Each country or location has different rules protecting data privacy, which means US-based eDiscovery processes may not compel information from certain locations in a time or manner which is compliant with US courts. Microsoft faced such issues when it was involved in a US trial and applicable data was housed in Ireland.

Even if your cloud storage vendor is based in the US or another country with laws friendly to eDiscovery, your data may not be housed in the same location. Many cloud companies subcontract data storage and technical functions to others, increasing the potential that company information may be stored in locations where it may difficult to produce content.

Data Location and Cloud Contracts

Avoid surprise derails of your eDiscovery strategy, especially during critical litigation times, by questioning potential vendors about data location and including some assurances in any contract. Before selecting a vendor, ask for detailed information about where and how data is stored, including a list of locations and any information about their storage subcontractors. Companies in regulated industries, such as finance or healthcare, may need to determine whether the vendor and all subcontractors comply with industry regulations as well as eDiscovery processes and timelines.

Require that any vendor contract include a guarantee that data will not be stored in regions that are unfriendly to eDiscovery processes. You may also want to ask that cloud vendors indemnify your company against damages that occur because data was stored in such areas or if data was not readily and appropriately available because of their subcontracting agreements and methods. For ultimate protection, you can even require that data storage is not subcontracted at all or is only subcontracted with a list of preapproved vendors.

While working with the vendor on contract negotiations, think outside of the box. Your own legal processes aren’t the only thing to consider. What if a computer housing your data is seized under the US Patriot Act because it also houses data for a suspect entity? By discussing as many data scenarios as possible with a potential vendor, you can develop an agreement that protects your company and your data. Thinking ahead regarding data storage and eDiscovery can reduce the risks that you face fines and judgments for not making good on litigation requests.