It’s no surprise that the eDiscovery frenzy gripping the American legal system over the past decade has become increasingly expensive. Particularly costly to organizations is the process of preserving and collecting documents, a fact repeatedly emphasized by the Advisory Committee in its report regarding the 2006 amendments to the Federal Rules of Civil Procedure (FRCP). These aspects of discovery are often lengthy and can be disruptive to business operations. Just as troubling, they increase the duration and expense of litigation.
Because these costs and delays affect the courts as well as clients, it comes as no surprise that judges have now heightened their expectation for how organizations store, manage and discover their electronically stored information (ESI). Gone are the days when enterprises could plead ignorance for not preserving or producing their data in an efficient, cost effective and defensible manner. Organizations must now follow best practices – both during and before litigation – if they are to safely navigate the stormy seas of eDiscovery.
The importance of deploying such practices applies acutely to those organizations that are exploring “cloud”-based alternatives to traditional methods for preserving and producing electronic information. Under the right circumstances, the cloud may represent a fantastic opportunity to streamline the eDiscovery process for an organization. Yet it could also turn into a dangerous liaison if the cloud offering is not properly scrutinized for basic eDiscovery functionality. Indeed, the City of Los Angeles’s recent decision to partially disengage from its cloud service provider exemplifies this admonition to “look before you leap” to the cloud. Thus, before selecting a cloud provider for eDiscovery, organizations should be particularly careful to ensure that a provider has the ability both to efficiently retrieve data from the cloud and to issue litigation hold notices.
Effective Data Retrieval Requires Efficient Data Storage
The hype surrounding the cloud has generally focused on the opportunity for cheap and unlimited storage of information. Storage, however, is only one of many factors to consider in selecting a cloud-based eDiscovery solution. To be able to meet the heightened expectations of courts and regulatory bodies, organizations must have the actual – not theoretical – ability to retrieve their data in real time. Otherwise, they may not be able to satisfy eDiscovery requests from courts or regulatory bodies, let alone the day-to-day demands of their operations.
A key step to retrieving company data in a timely manner is to first confirm whether the cloud offering can intelligently organize that information such that organizations can quickly respond to discovery requests and other legal demands. This includes the capacity to implement and observe company retention protocols. Just like traditional data archiving software, the cloud must enable automated retention rules and thus limit the retention of information to a designated time period. This will enable data to be expired once it reaches the end of that period.
The pool of data can be further decreased through single instance storage. This deduplication technology eliminates redundant data by preserving only a master copy of each document placed into the cloud. This will reduce the amount of data that needs to be identified, preserved, collected and reviewed as part of any discovery process. For while unlimited data storage may seem ideal now, reviewing unlimited amounts of data will quickly become a logistical and costly nightmare.
Any viable cloud offering should also have the ability to suspend automated document retention/deletion rules to ensure the adequate preservation of relevant information. This goes beyond placing a hold on archival data in the cloud. It requires that an organization have the ability to identify the data sources in the cloud that may contain relevant information and then modify aspects of its retention policies to ensure that cloud-stored data is retained for eDiscovery. Taking this step will enable an organization to create a defensible document retention strategy and be protected from court sanctions under the Federal Rule of Civil Procedure 37(e) “safe harbor.” The decision from Viramontes v. U.S. Bancorp (N.D. Ill. Jan. 27, 2011) is particularly instructive on this issue.
In Viramontes, the defendant bank defeated a sanctions motion because it timely modified aspects of its email retention policy. The bank implemented a policy that kept emails for 90 days, after which the emails were deleted. That policy was promptly suspended, however, once litigation was reasonably foreseeable. Because the bank followed that procedure in good faith, it was protected from sanctions under Rule 37(e).
As the Viramontes case shows, an organization can be prepared for eDiscovery disputes by appropriately suspending aspects of its document retention policies. By creating and then faithfully observing a policy that requires retention policies be suspended on the occurrence of litigation or other triggering event, an organization can develop a defensible retention procedure. Having such eDiscovery functionality in a cloud provider will likely facilitate an organization’s eDiscovery process and better insulate it from litigation disasters.
The Ability to Issue Litigation Hold Notices
To be effective for eDiscovery purposes, a cloud service provider must also enable an organization to deploy a litigation hold to prevent users from destroying data. Unless the cloud has litigation hold technology, the entire discovery process may very well collapse. For electronic data to be produced in litigation, it must first be preserved. And it cannot be preserved if the key players or data source custodians are unaware that such information must be retained. Indeed, employees and data sources may discard and overwrite electronically stored information if they are oblivious to a preservation duty.
A cloud service provider should therefore enable automated legal hold acknowledgements. Such technology will allow custodians to be promptly and properly notified of litigation and thereby retain information that might otherwise have been discarded. Inadequate litigation hold technology leaves organizations vulnerable to data loss and court punishment.
Confirming that a cloud offering can quickly retrieve and efficiently store enterprise data while effectively deploying litigation hold notices will likely address the basic concerns regarding its eDiscovery functionality. Yet these features alone will not make that solution the model of eDiscovery cloud providers. Advanced search capabilities should also be included to reduce the amount of data that must be analyzed and reviewed downstream. In addition, the cloud ought to support load files in compatible formats for export to third party review software. The cloud should additionally provide an organization with a clear audit trail establishing that neither its documents, nor their metadata were modified when transmitted to the cloud. Without this assurance, an organization may not be able to comply with key regulations or establish the authenticity of its data in court. Finally, ensure that these provisions are memorialized in the service level agreement governing the relationship between the organization and the cloud provider.