Discover PerformanceHP Software's community for IT leaders // April 2012
E-discovery in the cloud: Can you find your data?
When storing data in the cloud, make sure your provider doesn’t expose you to legal risk when it’s time for electronic discovery.
Increasingly, enterprises are storing information in the cloud. Storage costs are plummeting and the workforce is mobile, making the cloud an attractive extension to in-house data centers. Social media and software as a service (SaaS) are all creating business information that lives in the cloud.
But putting business information in the cloud can leave you vulnerable if you are not prepared. If you’ve moved information to the cloud (or worse, if, through shadow IT, business units have moved information without you knowing it), you could be at risk for increased costs and exposure when it comes time for e-discovery. Your cloud service agreement may not include SLAs on availability, preservation, turnaround time on sizeable exports, access rights, etc., that become critical during litigation. Here’s how to make sure information needed for e-discovery is protected and accessible.
Know your e-discovery requirements
Just because data has changed its address to the cloud doesn’t mean anything’s changed in the eyes of the law. “Your information is subject to the legal jurisdiction of the countries you do business in—even if it lives somewhere completely different,” says Deborah Baron, vice president of legal and compliance at Autonomy, an HP Company.
For example, if you store data in the cloud and have a legal dispute in the United States, you are subject to U.S. regulatory retention requirements and common law rules that govern the preservation and production of relevant data. Your cloud provider must be able to accommodate these requirements. You are expected to have control of your business information—regardless of what infrastructure it’s on.
When information moves to the cloud and is found to be relevant to a legal dispute, you are obligated in the United States—and in a number of other countries—to preserve and produce it in a timely manner. The problem is, you may have no idea where it’s actually stored. And if your cloud provider isn’t experienced with e-discovery, you may be confronted with a host of problems: from having restricted access to your information to put it on hold, to having difficulty searching information stored in a SaaS provider’s system.
Address e-discovery from the beginning
When business store information in the cloud, they may be looking to lower costs or increase agility. E-discovery concerns are likely not considered in the decision—but they should be. “We see clients making decisions to store data in the cloud, but they haven’t consulted their legal and compliance counterparts,” Baron says. “They don’t have SLAs for preservation and data turnaround. They don’t know where their data is.”
Talk to your cloud or SaaS provider about how it supports e-discovery. As a rule of thumb, consider that requirements for storing information in the cloud need to be the same as if you were storing that information in your internal data center.
“Engineers, marketers and designers like using cloud storage to share and collaborate,” Baron says. “The information they're sharing could be considered intellectual property. It's valuable and could be critical to protecting and defending company patents, trademarks and IP. And it’s sitting out there in a less-than-ideal environment, where it could be copied or deleted.”
Ask the right questions
Cloud storage and SaaS aren’t going away, so the best course is to put guidelines in place for their use by IT and the business. Answering these three questions can help:
- What is the nature of the application or information you’ll be storing? What is its business value?
- If you stored this inside your own data center, what security, access and business continuity requirements would you expect?
- What legal, regulatory and retention requirements apply to it?
Baron advises that you consult your legal and compliance gurus. “What they’ll tell you will likely appear overly cautious at first,” she says. “Just know that they’re there to help you meet your goals as well as protect company assets and shareholder value.”
For more information, visit the Autonomy e-discovery solutions page.
Welcome to a new reality of split-second decisions and marketing by the numbers.
Looking toward the era when everyone — and everything — is connected.
Introduction to Enterprise 20/20
What will a successful enterprise look like in the future?
Challenges and opportunities for the CIO of the future.
Dev Center 20/20
How will we organize development centers for the apps that will power our enterprises?
IT Operations 20/20
How can you achieve the data center of the future?
What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.
Preparing today for tomorrow’s threats.
Data Center 20/20
The innovation and revenue engine of the enterprise.