Cloud Computing: E-Discovery Challenges Best Practices to Minimize - PowerPoint PPT Presentation

Presenting a live 90-minute webinar with interactive Q&A Cloud Computing: E-Discovery Challenges Best Practices to Minimize Pitfalls in Identification, Preservation and Collection of ESI WEDNESDAY, OCTOBER 24, 2012 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Todd Nunn, Partner, K&L Gates , Seattle Tanya Forsheit, Partner, Information Law Group , Manhatten Beach, Calif. The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 .

Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-869-6667 and enter your PIN -when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: In the chat box, type (1) your company name and (2) the number of • attendees at your location Click the SEND button beside the box •

If you have not printed the conference materials for this program, please complete the following steps: Click on the + sign next to “Conference Materials” in the middle of the left - • hand column on your screen. • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon. •

Cloud Computing and E-Discovery Todd L. Nunn e-Discovery Analysis and Technology Group, K&L Gates, Seattle 206.370.7616 todd.nunn@klgates.com

Cloud Computing E-Discovery - Contents  Cloud Computing Introduction  Possession, Custody and Control  Litigation Holds/26(f) Conference/Collection  Use and Admissibility  Jurisdiction  Third-party Subpoenas 6

What is Cloud Computing?  “Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.” Knorr, Galen, “What cloud computing really means”, Infoworld (4/7/2008)  7

What is Cloud Computing?  “The very definition of cloud computing remains controversial. Consulting firm Accenture has crafted a useful, concise definition: the dynamic provisioning of IT capabilities (hardware, software, or services) from third parties over a network.”  “Cloud computing is a computing model, not a technology.” Fogarty, “Cloud Computing Definitions and Solutions”, CIO.com  (9/10/2009). 8

Types of Cloud Computing Services - NIST  Cloud Software as a Service (SaaS)  Use provider’s applications over a network  Cloud Platform as a Service (PaaS)  Deploy customer-created applications to a cloud  Cloud Infrastructure as a Service (IaaS)  Rent processing, storage, network capacity, and other fundamental computing resources 9

The NIST Cloud Definition Framework Hybrid Clouds Deployment Community Private Models Public Cloud Cloud Cloud Software as a Platform as a Infrastructure as a Service Service (SaaS) Service (PaaS) Service (IaaS) Models On Demand Self-Service Essential Broad Network Access Rapid Elasticity Characteristics Resource Pooling Measured Service Massive Scale Resilient Computing Homogeneity Geographic Distribution Common Characteristics Virtualization Service Orientation Low Cost Software Advanced Security 10 10

Advantages of Cloud Computing  Lower Costs  Reduce owned infrastructure  Reduce personnel  Increase Computing Capabilities  Large scale storage/massive processing  Flexibility – rapid deployment  Specialized tools/applications/services  Solves Problems  Technology on demand 11

Disadvantages of Cloud Computing - Control  Bottom line – Third party has data  Loss of physical control  Security – Access restriction/control  Auditability – visibility  Forensic access  Still responsible legally for data handling  Still legally in control  Discovery obligations  Regulatory compliance 12

Disadvantages of Cloud Computing – Cloudiness  Who has data  Cloud service provider  Data center provider  More parties – backup provider – consultants  Financial viability - Robust systems  Where is data  Multiple providers  Different states/countries  How is it being handled  Co- mingling with other customer’s data  Backup policy/retention  Permissions/Export/Transfer 13

Cautionary Tale: Liquid Motors, Inc. v. Lynd , No.3:09-cv-0611-N (N.D. Tex. April 3, 2009)  FBI executed search warrant, raided Liquid Motors (LM) building, seized all equipment  LM was not suspected of any wrongdoing  Seizure and removal of equipment prevented LM from conducting business – LM clients who relied on the hosting service also suffered interruption  LM applied for temporary restraining order and return of equipment  Court found probable cause for FBI’s retention of equipment, denied application, ordered storage array returned within three days (after being copied), ordered “other servers” and second storage array copied and returned to LM “as soon as possible” 14

Questions to ask Cloud Provider – as a start  Will my data be in the same database as other customers?  Will you commit to segregating our company data  How do you deal with differences in retention periods between customers?  When you perform backups, will my data be co-mingled with the data from other companies on the same tape?  What is your retention period for your backup tapes?  When backup tapes reach the end of the retention period, how many months is it before you re-use them?  Where will my data reside?  Will you commit to a set location  Can you provide me information of data center provider 15

Possession, Custody, Control 16

Possession, Custody and Control  Under Rule 34, Control does not require that the party have legal ownership or actual physical possession of the documents at issue.  Documents are considered to be under a party’s control when that party has the right, authority, or practical ability to obtain the documents from a non-party to the action.  A contract about document handling is sufficient to establish party control over documents in the possession of a third party. 17

Possession, Custody and Control  With material in cloud, no physical custody, but legal control  Legal control in form of agreement/contract for cloud services  Irony is that you could have legal control (or entitlement), but might not have “practical ability” to get documents  Contract should spell out precisely how get and who pays  Must understand how data is stored to avoid surprises since you are legally in “control” 18

Preservation 19

Zubulake : Preservation Standard “Once a party reasonably anticipates litigation , it must • suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.” Zubulake v. UBS Warburg, LLC, 229 F.R.D. 422, 431 (S.D.N.Y. 2004). “The obligation to preserve evidence arises when the • party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.” Zubulake v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003) 20

Legal Holds  Start with Document Retention Policy  Understand Policy v. Practice  Coordinate with Records Manager or IT  Whom do you tell?  “Key” Custodians  Data Stewards: Including Cloud Providers  Evolving Process  Revisit at Critical Stages 21

Legal Holds  How do you tell them?  In Writing  Depends on Culture  What do you tell them?  Describe the Case  Document Categories  Instructions for Technical Handling  Consequences/Contact Information  Follow up  Follow up Notices  Interviews 22

Cyntegra, Inc. v. Idexx Labs., Inc., 2007 WL 5193736 (C.D. Cal. Sept. 21, 2007)  Data stored on third- party’s server was deleted when Plaintiff failed to make payments  Defendant moved for spoliation sanctions  Among other things, Plaintiff alleged it did not have control of the documents for purpose of preservation 23