Ascending to the Cloud Creates Negligible E-discovery Risk

Cloud computing platforms (a set of pooled computing resources that are powered by software and delivered over the Web) have been generating quite a bit of press in the last year. Indeed, just recently computing giant Microsoft launched its Microsoft 365 cloud computing platform, designed to rival Google’s "mega-cloud" platform, which launched in May 2010. Since the release of the first commercial cloud computing platform by Amazon in 2006, cost-conscious companies have been racing to evaluate the pros and cons of moving their computing operations to “the cloud.” According to the Booz, Allen, Hamilton technology consulting firm, “Cloud computing may yield:

Life cycle costs that are 65 percent lower than current architectures

  • Benefit-cost ratios ranging from 5.7 to nearly 25
  • Payback on investments in three to four years."

Notably absent from that cost-benefit analysis, however, is the effect cloud computing may have on the costs and risks associated with conducting electronic discovery. Those engaged in such activities may well ask the question, “Will the savings companies expect from moving their data to the cloud be absorbed by the additional costs/risks created by conducting e-discovery in the cloud?”

The short answer is no. Although there are risks associated with conducting e-discovery from the cloud, they are remote, manageable and eclipsed by the savings companies should expect from cloud computing. Some of the riskiest aspects of conducting e-discovery in the cloud are:

  • The loss/alteration of data and associated metadata
  • The potential violation of international data privacy laws by illegally disclosing data in the jurisdiction in which the cloud is located
  • The unintentional waiver of the attorney-client privilege by co-mingling data or disclosing attorney client communications to third parties
  • The failure to properly and timely implement and monitor litigation holds

Fortunately, companies can easily manage the risk of altering metadata and the risk of violating international data privacy laws by insisting the service agreement with their cloud provider:

  • State that none of the company’s data may be stored outside the United States
  • Provide a detailed mechanism for how the cloud will implement litigation holds
  • Address how metadata will be created and stored in the cloud environment

Similarly, companies can minimize the risk of waiving the attorney-client privilege by including “no waiver” language in their cloud computing service agreements and establishing security protocols to prevent the inadvertent disclosure of communications to the administrators of the cloud or any other third party.

When the technology has improved and cloud computing administrators have developed expertise at responding to e-discovery requests, companies might even enjoy e-discovery cost savings by moving their data to the cloud. “If the cloud fulfills its promise and supplants the hodgepodge of local hard drives, LAN servers, and removable storage that now house our data, the cloud will emerge as the simpler, ‘one-stop shop’ for preservation and search in electronic discovery,” Craig Ball, an expert on trends in e-discovery, predicts.

In fact, that technology already has been developed and is in use for other applications. In late 2010, Facebook (currently the largest functioning equivalent to a cloud computing environment) added to its regular user interface a one-button preservation tool for capturing user content. Now, by simply clicking the “Download Your Information” button (and providing the appropriate password), Facebook users can request a neatly packaged zip file containing all of their videos, messages, wall posts, friend lists and other profile content — it doesn’t require a professional background in information systems to comprehend how similar technology can be applied to collect corporate data stored in the cloud.

Furthermore, cloud administrators saddled with the responsibility of responding to many subpoenas or production requests on behalf of myriad clients will, in time, develop an expertise in culling, processing and producing data. In turn, cloud users will undoubtedly benefit from advances in technology as well as the experience that cloud administrators have gained in responding to e-discovery requests.

The hope is that these efficiencies will translate directly to the end-user. At the end of the day, in-house counsel should be confident that (if managed properly) the benefit of moving a company’s data to the cloud outweighs the risks and costs associated with producing data from the cloud as part of a lawsuit.

                                       *                                                   *                                                *

This article was originally published by Steven Hunter, a Quarles & Brady partner, in Inside Counsel.

FRE 502: A Reasonable Step to Reduce Costs?

I’m sad to report that despite the political hype, FRE 502 is not likely to provide you with any substantial cost savings related to your electronically stored information ("ESI") and document productions. This is because FRE 502 does not eliminate the need for one of the largest discovery costs - namely, the dreaded page-by-page document review (not to mention the ensuing carpal tunnel of the finger). 

FRE 502 merely codifies the current law of the majority of federal courts on the inadvertent production of privileged material – i.e., there can be no waiver of privilege on inadvertently disclosed documents if you took reasonable steps to prevent and rectify the disclosure.  But what reasonable steps? Although omitted from the law itself, the FRE Advisory Committee informs us that: 

A party that uses advanced analytical software applications and linguistic tools in screening for privilege and work product may be found to have taken reasonable steps to prevent inadvertent disclosure.

And that may actually be helpful, but for the fact that the federal courts have long recognized that such screening comes with limitations and risks because the proper selection and implementation of such technology involves both legal and scientific knowledge.  Is it really a reasonable step to use methods judicially deemed "not foolproof?"

Moreover, cases interpreting the new FRE 502 reiterate and do not eliminate the need for attorneys to conduct a page-by-page privilege review:

Rhoads Industries, Inc. v. Building Materials Corp., No. 07-4756 (E.D. Penn. Nov. 14, 2008): upheld privilege only on inadvertently disclosed documents that were manually reviewed and logged by an attorney.  

Relion, Inc. v. Hydra Fuel Cell Corp., 2008 WL 5122828 (D. Or. Dec. 4, 2008): held that privilege was waived because, even though the issue of inadvertent production was raised by opposing counsel, the holder failed to conduct a page by page review.

Bottom line: keep flexing that finger – at least for now!