Cloud Computing: E-Discovery Challenges Best Practices to Minimize - - PowerPoint PPT Presentation

Cloud Computing: E-Discovery Challenges

Best Practices to Minimize Pitfalls in Identification, Preservation and Collection of ESI

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

• speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

WEDNESDAY, OCTOBER 24, 2012

Presenting a live 90-minute webinar with interactive Q&A

Todd Nunn, Partner, K&L Gates, Seattle Tanya Forsheit, Partner, Information Law Group, Manhatten Beach, Calif.

Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-869-6667 and enter your PIN -when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps:

• In the chat box, type (1) your company name and (2) the number of

attendees at your location

• Click the SEND button beside the box

FOR LIVE EVENT ONLY

If you have not printed the conference materials for this program, please complete the following steps:

• Click on the + sign next to “Conference Materials” in the middle of the left-

hand column on your screen.

• Click on the tab labeled “Handouts” that appears, and there you will see a

PDF of the slides for today's program.

• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.

Cloud Computing and E-Discovery

Todd L. Nunn e-Discovery Analysis and Technology Group, K&L Gates, Seattle 206.370.7616 todd.nunn@klgates.com

6

Cloud Computing E-Discovery - Contents

• Cloud Computing Introduction
• Possession, Custody and Control
• Litigation Holds/26(f) Conference/Collection
• Use and Admissibility
• Jurisdiction
• Third-party Subpoenas

7

What is Cloud Computing?

• “Cloud computing comes into focus only when you think

about what IT always needs: a way to increase capacity

• r add capabilities on the fly without investing in new

infrastructure, training new personnel, or licensing new

• software. Cloud computing encompasses any

subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.”

• Knorr, Galen, “What cloud computing really means”, Infoworld (4/7/2008)

8

What is Cloud Computing?

• “The very definition of cloud computing remains
• controversial. Consulting firm Accenture has crafted a

useful, concise definition: the dynamic provisioning of IT capabilities (hardware, software, or services) from third parties over a network.”

• “Cloud computing is a computing model, not a

technology.”

• Fogarty, “Cloud Computing Definitions and Solutions”, CIO.com

(9/10/2009).

9

Types of Cloud Computing Services - NIST

• Cloud Software as a Service (SaaS)
• Use provider’s applications over a network
• Cloud Platform as a Service (PaaS)
• Deploy customer-created applications to a cloud
• Cloud Infrastructure as a Service (IaaS)
• Rent processing, storage, network capacity, and
• ther fundamental computing resources

10

The NIST Cloud Definition Framework

10

Community Cloud Private Cloud Public Cloud Hybrid Clouds Deployment Models Service Models Essential Characteristics Common Characteristics Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Resource Pooling Broad Network Access Rapid Elasticity Measured Service On Demand Self-Service Low Cost Software Virtualization Service Orientation Advanced Security Homogeneity Massive Scale Resilient Computing Geographic Distribution

11

Advantages of Cloud Computing

• Lower Costs
• Reduce owned infrastructure
• Reduce personnel
• Increase Computing Capabilities
• Large scale storage/massive processing
• Flexibility – rapid deployment
• Specialized tools/applications/services
• Solves Problems
• Technology on demand

12

Disadvantages of Cloud Computing - Control

• Bottom line – Third party has data
• Loss of physical control
• Security – Access restriction/control
• Auditability – visibility
• Forensic access
• Still responsible legally for data handling
• Still legally in control
• Discovery obligations
• Regulatory compliance

13

Disadvantages of Cloud Computing – Cloudiness

• Who has data
• Cloud service provider
• Data center provider
• More parties – backup provider – consultants
• Financial viability - Robust systems
• Where is data
• Multiple providers
• Different states/countries
• How is it being handled
• Co-mingling with other customer’s data
• Backup policy/retention
• Permissions/Export/Transfer

14

Cautionary Tale: Liquid Motors, Inc. v. Lynd, No.3:09-cv-0611-N (N.D. Tex. April 3, 2009)

• FBI executed search warrant, raided Liquid

Motors (LM) building, seized all equipment

• LM was not suspected of any wrongdoing
• Seizure and removal of equipment prevented LM from

conducting business – LM clients who relied on the hosting service also suffered interruption

• LM applied for temporary restraining order and return of

equipment

• Court found probable cause for FBI’s retention of

equipment, denied application, ordered storage array returned within three days (after being copied), ordered “other servers” and second storage array copied and returned to LM “as soon as possible”

15

Questions to ask Cloud Provider – as a start

• Will my data be in the same database as other customers?
• Will you commit to segregating our company data
• How do you deal with differences in retention periods

between customers?

• When you perform backups, will my data be co-mingled with

the data from other companies on the same tape?

• What is your retention period for your backup tapes?
• When backup tapes reach the end of the retention period,

how many months is it before you re-use them?

• Where will my data reside?
• Will you commit to a set location
• Can you provide me information of data center provider

16

Possession, Custody, Control

17

Possession, Custody and Control

• Under Rule 34, Control does not require that the party

have legal ownership or actual physical possession of the documents at issue.

• Documents are considered to be under a party’s control

when that party has the right, authority, or practical ability to obtain the documents from a non-party to the action.

• A contract about document handling is sufficient to

establish party control over documents in the possession of a third party.

18

Possession, Custody and Control

• With material in cloud, no physical custody, but

legal control

• Legal control in form of agreement/contract for

cloud services

• Irony is that you could have legal control (or

entitlement), but might not have “practical ability” to get documents

• Contract should spell out precisely how get and who

pays

• Must understand how data is stored to avoid

surprises since you are legally in “control”

19

Preservation

20

Zubulake: Preservation Standard

• “Once a party reasonably anticipates litigation, it must

suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.” Zubulake v. UBS Warburg, LLC, 229 F.R.D. 422, 431 (S.D.N.Y. 2004).

• “The obligation to preserve evidence arises when the

party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.” Zubulake

• v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003)

21

Legal Holds

• Start with Document Retention Policy
• Understand Policy v. Practice
• Coordinate with Records Manager or IT
• Whom do you tell?
• “Key” Custodians
• Data Stewards: Including Cloud Providers
• Evolving Process
• Revisit at Critical Stages

22

Legal Holds

• How do you tell them?
• In Writing
• Depends on Culture
• What do you tell them?
• Describe the Case
• Document Categories
• Instructions for Technical Handling
• Consequences/Contact Information
• Follow up
• Follow up Notices
• Interviews

23

Cyntegra, Inc. v. Idexx Labs., Inc., 2007 WL 5193736 (C.D. Cal. Sept. 21, 2007)

• Data stored on third-party’s server was deleted

when Plaintiff failed to make payments

• Defendant moved for spoliation sanctions
• Among other things, Plaintiff alleged it did not have

control of the documents for purpose of preservation

24

Cyntegra, Inc. v. Idexx Labs., Inc., Cont.

“Similarly, Plaintiff had sufficient control and legal right over the deleted files to constitute fault. Plaintiff contracted to store business documents on NetNation’s computer servers. At least until March 7, 2006, when payment was discontinued, Plaintiff could direct the flow of information to and from NetNation’s

• servers. Because Plaintiff could have anticipated the possibility
• f litigation by this time, it had an affirmative duty to make

payments and preserve the evidence. Plaintiff cannot bypass this duty by abandoning its documents to a third-party and claiming lack of control. . . . A contractual relationship with a third-party entity provides, at a minimum, an obligation to make reasonable inquiry of the third party entity for the data at issue.”

25

Legal Holds

• Document management/Litigation response plan must take cloud services into

account

• Talk to custodians about what they use/how they store
• Contract with Cloud provider should be specific about how legal holds will be

handled/charged

• Specific of how any deletion will be discontinued
• How handle preservation of your data, while handling co-mingled data
• Must understand retention periods, back up practices, co-mingling of data,

redundancy of systems, security practices of cloud provider

• Provider failing or being taken off line during preservation period could be found to be

spoliation

• Preservation periods could be years long, how maintain/transfer
• Legacy ESI

Cloud Let’s The Issue

26

Federal Rule 26(f)

• “In conferring the parties must … discuss any issues

about preserving discoverable information …”

• 26(f) Advisory Committee Notes
• discussion of ESI will involve nature of parties’

information systems

• “It may be important for the parties to discuss those

systems, and accordingly important for counsel to become familiar with those systems before the conference.”

27

Federal Rule 26(f)

• Advisory Committee Notes
• Reasonableness should guide preservation efforts
• “The parties’ discussion should pay particular

attention to the balance between the competing needs to preserve relevant evidence and to continue routine operations critical to ongoing activities.”

• Recommends parties’ goal should be to agree to

“reasonable preservation steps” taking all considerations into account

28

Rule 26(f) Conferences

• Due diligence to understand how cloud provider is

storing data

• Must understand cloud provider system to meet

requirements of 26(f)

• If problematic features (slow collection, change

metadata, failed or lost data or provider), should flag in conference

Cloud Let’s The Issue

29

Inaccessible data – FRCP 26(b)(2)(B)

• Specific Limitations on Electronically Stored Information. A

party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

30

Inaccessible data – FRCP 26(b)(2)(B)

• Advisory Committee Notes: “A party’s identification
• f sources of [ESI] as not reasonably accessible

does not relieve the party of its common-law or statutory duties to preserve evidence. Whether a responding party is required to preserve unsearched sources of potentially responsive information that it believes are not reasonably accessible depends on the circumstances of each

• case. It is often useful for the parties to discuss this

issue early in discovery.”

31

Calixto v. Watson Bowman Acme Corp., 2009 WL 3823390 (S.D.Fla. 2009)

• Defendant argued backup tapes were inaccessible because
• f undue burden or cost
• Vendor estimate for restoring and searching: $40,000 + all

expense to review for relevance and privilege

• Found inaccessible
• No “good cause” found because material likely duplicative

given time frame and evidence of defendant’s preservation

• But one backup tape from earlier time period found not

inaccessible because cost of restoring and reviewing one tape not burdensome, and evidence of no duplication of material

32

Starbuck’s v. ADT Security Services, 2009 WL 4730798 (W.D. Wash.)

• Used a Zantaz e-mail archive system for certain time

period –Plasmon System

• 500 double sides DVDs accessed by a robot arm
• Very slow and laborious to retrieve – but still in use
• ADT argued that archive was inaccessible
• Court held archive not inaccessible
• Court did not find time or expense estimates credible
• Because still in use – held must be accessible
• Cannot relieve party of duty to produce those documents

merely because has chosen a means to preserve which makes ultimate production of documents expensive

33

Inaccessible Data

• Burden is on data owner to show inaccessibility
• Agreement should be specific about costs for litigation

support

• Not inaccessible just because ESI hard/expensive to get
• Must understand what cloud provider has and how it works to

support argument of inaccessibility

• Arguments that data is redundant
• Support specific arguments regarding expense

Cloud Let’s The Issue

34

Collection

35

Collection of ESI

• Collect by custodian
• Full collection
• Self collection
• Collect by search terms
• Sweep and keep systems
• File shares
• Non-custodial sources
• Databases
• Cloud sources
• Preservation of metadata and file

structure

36

Collection

• Ability to collect completely as important under federal case law
• Understand where data is stored
• Need to be able to identify custodian material and track what is

collected

• Speed of collection
• Collection in bulk or custodian-by-custodian/document-by-document
• Format - does cloud storage change metadata
• What metadata is provided
• Will provider be able to prove nothing was deleted - audit

Cloud Let’s The Issue

37

Authentication

38

Procedure of Authentication

• Authenticity under 104(b)
• Judge makes preliminary determination
• Based on admissible evidence
• Sufficient evidence to support a jury finding of relevance
• Court need not find that the evidence is necessarily what the

proponent claims, but only that there is sufficient evidence that the jury ultimately might do so

39

Authentication

• Evidence rules on authentication apply to ESI in the

same way as other evidence

• Rules are the same for paper and ESI
• Three methods of authentication refer to computer

based evidence in advisory notes (federal)

• 901(b)(7) (public records and reports)
• 901(b)(8) (ancient documents or data compilations)
• 901(b)(9) (processes or systems)

40

Rule 901. Requirement of Authentication or Identification

• (a) General provision.—The requirement of

authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.

• (b) Illustrations.—By way of illustration only, and not

by way of limitation, the following are examples of authentication or identification conforming with the requirements of this rule:

41

Available Methods to Authenticate ESI, cont’d.

• Rule 902: Self-Authentication: “Extrinsic evidence of

authenticity as a condition precedent to admissibility is not required with respect to the following:”

• Does not require the sponsoring testimony of any

witness

• Opposing party may still challenge authenticity
• Provisions most commonly used for ESI:
• 902(d): Official publications (e.g., Census Bureau)
• 902(g): Trade inscriptions (e.g. business e-mails)

42

Internet Website Postings/Social Media

• 901(b)(1): Witness with personal knowledge
• 901(b)(3): Expert testimony
• 901(b)(4): Distinctive characteristics
• 901(b)(7): Public records
• 901(b)(9): System or process capable of producing

a reliable result

• 902(5): Official publications
• 902(11): Business Records

43

Other Methods of Establishing Authenticity

• Examples listed in Rules 901 and 902 are illustrative
• nly, not exhaustive
• Court may hold that documents produced by a party

in discovery are presumed to be authentic, shifting the burden to the producing party to show that the evidence they produced was not authentic

• Court may take judicial notice under Rule 201 of

certain foundational facts needed to authenticate an electronic record

44

Other Approaches to Authenticity

• Request opponent to admit the genuineness of the

evidence through CR 36 Requests for Admission

• Make request at pretrial conference that opponent

agree to stipulate “regarding the authenticity of documents”

• Disclose electronic evidence in ER 904 pretrial

disclosures of documents; if opponent does not

• bject within 14 days, any authenticity objections

are waived

45

Deal with Authentication Early

• Party’s own records
• At time of collection, production
• When identifying/interviewing witnesses
• Subpoenas
• Limited access and leverage on witnesses
• Send form declarations
• Use records depositions
• Get stipulations

46

Use and Admissibility

• Will you have the information to satisfy the

authentication under 901 and 902

• Key is security and access controls
• Is there visibility into this for provider
• Who at provider will execute a declaration required

under authentication rules

• Contract should provide for this support

Cloud Let’s The Issue

47

Jurisdiction

48

Where is your data?

• Location of data may control conditions of

disclosure

• EU & Other data protection laws could affect your

use and transfer of data

49

Can cloud computing affect personal jurisdiction? Perhaps. Forward Foods LLC v. Next Proteins, Inc, 873 N.Y.S.2d 511 (N.Y. Sup. Ct. 2008)

• In furtherance of sale of business, defendant set up

“virtual data room” which made important documents available to interested parties

• Plaintiff utilized data room to view documents before

finalizing purchase

• Purchased business underperformed, Plaintiff filed suit
• Defendant moved to dismiss for lack of personal

jurisdiction

50

Forward Foods LLC v. Next Proteins, Inc.

Here, Defendants’ contacts with New York amount to a visit by Jason Stephens, Director of Health and Fitness sales channel, a virtual data room where Defendants uploaded documents for Emigrant to review in New York, and several emails containing additional documents sent to Emigrant in New York. It is undisputed that the meeting between Jason Stephens and Emigrant in New York did concern the sale of Defendants’ business to Plaintiff and that Defendants followed up on the meeting with additional emails to New York. Plaintiffs correctly argue that Defendants maintained sufficient contacts with the state of New York and have clearly transacted business within the state such that personal jurisdiction over Defendants under CPLR § 302(a)(1) would be appropriate.

* Case dismissed for forum non conveniens

51

Third-Party Subpoenas

52

The Stored Communications Act: 18 U.S.C. § 2701 et seq.

• Regulates disclosure of content and non-content information by two

types of providers:

• Electronic Communication Service (ECS)
• Remote Computing Service (RCS)
• Regulations differ depending on provider type
• Generally content will not be disclosed absent consent (who can give

consent depends on provider)

• Other more rarely used exceptions may also apply
• Civil subpoena is not an exception requiring disclosure: See e.g., Special

Markets Ins. Consultants, Inc. v. Lynch, No. 11 C 9181, 2012 WL 1565348 (N.D. Ill. May 2, 2012)

• Non-content information, however, may be disclosed pursuant to a

subpoena

53

Seeking Content? Compel Consent (or Use Rule 34): Flagg v. City of Detroit, 252 F.R.D. 346 (E.D. Mich. 2008)

• Defendants alleged SCA prohibited any disclosure of content of text messages

absent consent, which Defendant sought to withhold

• Court ruled that City could be compelled to provide necessary consent for

disclosure: “In any event, even if Defendants are correct in their contention that SkyTel cannot produce any communications in this case without the “lawful consent” called for under § 2702(b)(3), the Court finds that the Defendant City has both the ability and the obligation to secure any such consent that the SCA may require.”

• Courts analysis relied heavily on question of “control” pursuant to Rule 34 –

Defendants had control of the content such that they could consent to disclosure

• Court counseled that a Rule 34 request directly to a party was a more

“straightforward path” and avoided many sticky questions under the SCA

54

Does control and consent analysis apply to non-parties? Yes.

Thomas v. Deloitte Consulting LP, 2004 WL 1372954 (N.D. Tex. June 14, 2004)

• Defendant sought production of bank records from non-parties
• Court ordered production of documents or authorization for bank to

disclose: Rule 45(a) requires a person served with a subpoena to produce all responsive, non-privileged documents in his “possession, custody or control.” FED. R. CIV. P. 45(a)(1)(C). This rule is broadly construed to encompass both actual and constructive

• possession. . . . CHS and FPI make no argument that they do not

have a legal right to obtain bank statements and checks from Bank

• f America and Regions Bank. The court will require that they do

so or, alternatively, execute authorizations to enable defendant to

• btain these documents directly from the banks.

55

Criminal Investigations are Different: Twitter v. Harris, 2011NY080152 (N.Y. Crim. Ct. 2012)

• NY Court ordered production of content and non-content

information from Twitter

• Held account owner did not have standing to quash Twitter

subpoena

• No proprietary interest
• No privacy interest
• Production was ordered pursuant to 18 U.S.C. § 2703(d)

(court order): court order is available to “governmental entities” under this provision

• Despite objection, Twitter finally produced the materials after

being threatened with contempt and sanctions

56

Seeking Non-Content Information? Serve a Subpoena: Achte/Neunte Boll Kino Beteiligungs GMBH & Co. v. Does 1-4577, 736 F. Supp. 2d 212 (D.D.C. 2010)

• Court granted leave to serve Rule 45 subpoenas on ISPs

seeking to obtain “information sufficient to identify each Defendant, including name, current (and permanent) addresses, telephone numbers, email addresses and Media Access Control addresses”

• District Court denied subsequent Motion to Quash

brought by non-parties whose information would be produced

57

Beluga Shipping GMBH & CO. KS “Beluga Fantastic” v. Suzlon Energy, Ltd., 2010 WL 3749279 (N.D. Cal. Sept. 23, 2010)

• Foreign party sought to compel emails and records related to accounts
• f foreign cross-defendants
• Google, based on inability to comply, sought to intervene
• Court held contents of emails could not be disclosed without

subscriber’s consent and granted motion to intervene, but ordered production of documents reflecting: when the accounts were created, the names of the account holders as provided to Google, the countries from which the specific email accounts were created

• Google instructed to “preserve the snapshot of the emails in the

specific Gmail accounts set forth above” pending further showing of consent by account holders

58

www.ediscoverylaw.com

2012

Cloud Computing E-Discovery Challenges

Implications for Cloud Computing Contracts

October 24, 2012

Tanya L. Forsheit, Esq., CIPP/US

Founding Partner, InfoLawGroup LLP www.infolawgroup.com tforsheit@infolawgroup.com 310.706.4121

SEGALIS PLLC

E-Discovery Implications for Cloud Computing Contracts

• Contractual Considerations
• Searchability/Availability/Forensics
• Preservation/Integrity/Authentication
• Return and Secure Disposal
• Subpoenas, Control and Access
• Extended/Multi-Level Relationships
• Right to Conduct Forensic Exam
• Cross-Border Data Transfers
• Sample Provisions

60

SEGALIS PLLC

Searchability/Availability/Forensics

• “Searchability” and availability of data in cloud
• Forensic assessment (identifying, collecting and

preserving data) in cloud context

• Metadata

61

SEGALIS PLLC

Preservation, Authentication and Data Integrity

For purposes of meeting evidence preservation requirements, and discovery obligations in litigation and government investigations, it may be important for a cloud services contract to require that a cloud provider preserve information and provide the customer with access to the information in the form in which it is maintained in the

• rdinary course of business, sometimes on short notice.

62

SEGALIS PLLC

Preservation, Authentication and Data Integrity (cont.)

• Duplication/Replication Issues. You may have many extra

copies of data in many additional locations. This could increase the scope of company preservation obligations (especially if information is not disposed of pursuant to routine records retention schedule).

• Data Authentication and Integrity. If multiple copies are made

(without your knowledge), it may be difficult to ascertain which is the “original” (also consider timing issues/server settings).

63

SEGALIS PLLC

Return/Disposal

Like other outsourcing agreements, cloud contracts should provide for return and/or secure disposal of the information in accordance with the customer’s directions.

64

SEGALIS PLLC

Access-Extended/Multi-Level Relationships

• Extended Cloud Relationships- Cloud providers use
• ther cloud providers
• Ensure ability to access data when several levels

removed

• Where is the data actually being stored, processed

and transmitted?

• Has the “direct” cloud provider secured rights to

ensure that it can preserve/gather data?

65

SEGALIS PLLC

Cross-Border Data Transfers

• What happens when the data resides in another country?
• Conflicting EU Privacy Laws and Blocking Statutes
• Contracts Insufficient to Address
• Need Safe Harbor/Standard Contractual Clauses/BCRs
• Still may not be able to process data for US discovery

66

SEGALIS PLLC SAMPLE PROVISIONS

67

SEGALIS PLLC

Preservation, Return, and Secure Disposal of Information

“Service Provider shall preserve any information provided by Customer to Service Provider, including but not limited to any metadata, in accordance with Customer’s instructions and requests, including without limitation any retention schedules and/or litigation hold orders provided by Customer to Service Provider, independent of where the information is stored (specifically, and without limitation, even where such information resides with or is held, processed or stored by a service provider, sub-contractor, vendor, or other third party).”

68

SEGALIS PLLC

Preservation/Integrity, Return and Secure Disposal of Information (cont.)

“Service Provider shall take reasonable steps to ensure proper destruction (such that information is rendered unusable and unreadable) and return of information to Customer in a format requested by Customer and at Service Provider’s expense when it is no longer needed to perform services pursuant to the Agreement or [x] days following termination of the Agreement. Service Provider shall provide written certification that all such information has been returned and deleted.”

69

SEGALIS PLLC

Subpoenas, Control and Access

“Service Provider shall cooperate with Customer in responding to any party, non- party, or government request for information, including but not limited to metadata, provided by Customer to Service Provider. In the event that such requests are served on Customer, Service Provider shall provide Customer with access to such information in the format in which it is maintained in the ordinary course of business (or, on Customer’s request, with copies) within [x] hours of receipt of any request by Customer for such access or copies. In the event that such a request (in the form of a subpoena, order or otherwise) is provided to or served on Service Provider, Service Provider shall notify Customer in writing by electronic mail to [INSERT EMAIL ADDRESS] immediately and in no event more than [x] hours after receiving the request, subpoena or order. Such notification must include a copy of the request, subpoena or court order.”

70

SEGALIS PLLC

Subpoenas, Control and Access (cont.)

• “Service Provider also shall immediately inform in writing the

third party who caused the request, subpoena or order to issue or be provided or served on Service Provider that some or all the material covered by the request, subpoena

• r order is the subject of a nondisclosure agreement.”
• “Service Provider shall cooperate with Customer in seeking

any protection from disclosure for such information that Customer shall deem appropriate.”

71

SEGALIS PLLC

Authentication

“In the event that Customer is required to authenticate any of the information, including without limitation metadata, provided by Customer to Service Provider, Service Provider shall cooperate with Customer in providing any requested assistance with such authentication, including without limitation testifying (by affidavit, declaration, deposition, in court, or otherwise) as a custodian of records to authenticate the information, establish chain of custody, and/or provide any

• ther requested information.”

72

SEGALIS PLLC

Want More?

• Please feel free to contact:
• Tanya L. Forsheit
• tforsheit@infolawgroup.com
• (310) 706-4121

73

2012

Cloud Computing E-Discovery Challenges

Implications for Cloud Computing Contracts

October 24, 2012

Tanya L. Forsheit, Esq., CIPP/US

Founding Partner, InfoLawGroup LLP www.infolawgroup.com tforsheit@infolawgroup.com