Storing information in "the cloud" has become second-nature for many organizations, but the legal profession is still working to catch up. Cloud usage has slowly crept up for law firms, with about 54% of firms reporting they used the cloud in 2018.
Regulators and courts have not yet had the opportunity to address e-discovery in the cloud. However, we can apply recent principles to craft a new approach to e-discovery that takes advantage of the cloud's unique qualities to deliver a more efficient, secure, and cost-effective data management strategy.
Here are five important points for law firms and businesses to consider when preparing to take advantage of cloud computing:
Tip #1: Have an escape plan.
Know how to get your data out, whether for discovery, compliance, or change in provider. Having a plan is necessary to ensure that collection and production activities are consistent, efficient, and simple to explain to opposing counsel and regulators. The same advantages apply when describing data privacy and security to clients.
A plan also will help skirt major delays, data misappropriation or loss in the event of a change in cloud providers.
Tip #2: Use this opportunity to clean house.
Most firms and companies have been doing e-discovery on the fly for the last eight to ten years, updating and improving their e-discovery capabilities in a piecemeal fashion. During this time, the standards for preservation and collection have grown in clarity and significance.
Moving to the cloud is a great opportunity to rebuild a highly efficient data management architecture that complies with current legal standards. Data should be organized into a comprehensive and easily navigable map to bring it into a new management regime. Obsolete data should be removed to reduce hosting costs, eliminate the risk of loss, and narrow the field for potential collections.
Tip #3: Set standards for who can use cloud data and when.
Migration also provides an opportunity to draft a new access policy that will govern the data heading for the cloud - one that is easy to understand and implement.
Cloud data can be largely protected from employee mismanagement if employees are given access to the files they need and denied access to data unrelated to their job. Additionally, there must be clear controls in place for quickly revoking access when employees leave the organization.
Tip #4: Have an e-discovery "Shampoo Plan."
Create and test a response plan before moving to the cloud.
Your e-discovery obligations in the cloud are the same as those for data hosted within the enterprise. You need to confirm the ability to manage, locate, and collect potentially relevant data in a defensible method. This holds true for unstructured and structured information stored electronically.
Additionally, timed e-discovery exercises should be conducted to evaluate the data transfer rate and a provider's ability to physically ship data. With enterprise data volumes continuing to increase in size, the bandwidth required to service large collections must be known and available.
Call this your e-discovery "shampoo plan": lather, rinse, repeat . . . or design, test, repeat.
Tip #5: Know where everything is.
Maintain accurate data and system maps. It is imperative for cloud data to be accurately mapped, as cloud storage is organized logically and not physically - a powerful advantage if handled properly. A logical data map will allow organizations to avoid accidentally turning over unrelated or private data, but only if the map is designed properly and actively maintained. Plus, having an accurate data map makes tips #1-4 possible.