Close
Enter your
text here

Electronic Discovery

eDiscovery Trends: Myth of SaaS Insecurity Finally Busted

Eleven years ago, when I first began talking to attorneys about hosting document collections online to manage the review and production process for discovery, the typical response that I got was “I would never consider putting my client’s documents online – it’s just not secure”.  Let’s face it – lawyers are not exactly early adopters of technology… 😉

These days, few folks seem to have that concern any more when it comes to putting sensitive data and documents online.  Many people bank online, buy items from Amazon and other “etailers”, share pictures and other personal information on Facebook, etc.  As for business data, SalesForce.com has become the top customer relationship management (CRM) application and many business users are using Google Docs to share documents with colleagues, as just two examples.

What do all of these applications have in common?  They are Software as a Service (SaaS) applications, delivering data and functionality via an online application.  As noted previously on this blog, a new IDC study forecasts the SaaS market to reach $40.5 billion by 2014, an annual growth rate of 25.3%.  Also by 2014, about 34% of all new business software purchases will be via SaaS applications, according to IDC.

SaaS review applications have also become increasingly popular in eDiscovery with several eDiscovery SaaS applications available that provide benefits including: no software to install, intuitive browser-based interfaces and ability to share the collection with your client, experts, and co-counsel without distributing anything more than a login.

As for security concerns, most litigators have come to accept that these systems are secure.  But, do they realize just how secure they are?

As an example, at Trial Solutions, the servers hosting data for our OnDemand® and FirstPass™ (powered by Venio FPR™) platforms are housed in a Tier 4 data center in Houston (which is where our headquarters is).  The security at this data center is military grade: 24 x 7 x 365 onsite security guards (I feel sorry for the folks who have to work this Saturday!), video surveillance, biometric and card key security required just to get into the building.  Not to mention a building that features concrete bollards, steel lined walls, bulletproof glass, and barbed wire fencing.  And, if you’re even able to get into the building, you then have to find the right server (in the right locked room) and break into the server security.  It’s like the movie Mission Impossible where Tom Cruise has to break into the CIA, except for the laser beams over the air vent (anyone who watches movies knows those can be easily thwarted by putting mirrors over them).  To replicate that level of security infrastructure would be cost prohibitive for even most large companies.

From the outside, SaaS applications secure data with login authentication and Secured Sockets Layer (SSL) encryption.  SSL encryption is like taking a piece of paper with text on it, scrambling the letters on that piece of paper and then tearing it up into many pieces and throwing the scraps into the wind.  To intercept a communication (one request to the server), you have to intercept all of the packets of a communication, then unscramble each packet individually and then reassemble them in the correct order.

Conversely, desktop review application data could be one stolen laptop away from being compromised.  No wonder why nobody talks about security concerns anymore with SaaS applications.

So, what do you think?  How secure is your document collection?  Please share any comments you might have or if you’d like to know more about a particular topic.

Happy Holidays from all of us at Trial Solutions and eDiscovery Daily!

eDiscovery Project Management: Effectively Manage your Time
 

Of all the project management techniques and activities we’ve discussed in the past weeks in this blog series, this is the one that gives many people the most trouble.   There is no set of rules I can list that’s going to work well for everyone.  I can, however, give you some tips to consider that may improve your time management skills: 

  • Be organized.  Use tools like calendars, to-do lists, email alarms and project management software to keep on top of all of the balls you need to keep in the air.
  • When possible, follow a routine and work from a plan.  Start each day with your door closed for 15 minutes to plan your day.  Set reasonable goals for the day and include time to respond to emails, return phone calls, review status reports, and to deal with the inevitable, unexpected situations that arise.
  • Delegate whenever you can.  For every thing you have to do determine if it can be delegated, to whom, and if that person can take it on.  If you delegate a task, define it well, give clear instructions, get agreement, make due-dates clear, and define authority levels (let the person to whom you are delegating know what they can make decisions on and what they need to come to you with).
  • Keep track of what you are doing.  I always maintain a project diary where I document my activity.
  • Effectively facilitate meetings.  Don’t let meetings for which you are responsible run over the scheduled time.  Prepare an agenda and distribute it.  Start the meeting on time.  Up front, state the purpose of the meeting and describe the goals.  Don’t let the discussion get off track.
  • Use standard materials and templates, such as project planning meeting agendas and reports, questionnaires to collect case information, technology surveys, requests for proposals, and status reports.

Managing your time effectively is critical, and it will set a good example for your staff.  When I feel overwhelmed, I find that stepping back, prioritizing tasks and adjusting my to-do list helps.  Always keep the big picture in mind when you caught up in chaos, and don’t sweat the small stuff

What do you think?  Do you have good tips for managing your time?  Please share any comments you might have or tell us if you’d like to know more about a topic.

eDiscovery Trends: Social Media in Litigation

Yesterday, we introduced the Virtual LegalTech online educational session Facing the Legal Dangers of Social Media and discussed what factors a social media governance policy should address.  To get background information regarding the session, including information about the speakers (Harry Valetk, Daniel Goldman and Michael Lackey), click here.

The session also addressed social media in litigation, discussing several considerations about social media, including whether it’s discoverable, how it’s being used in litigation, how to request it, how to preserve it, and how to produce it.  Between wall postings, status updates, personal photos, etc., there’s a lot of content out there and it’s just as discoverable as any other source of ESI – depending on its relevance to the case and the burden to collect, review and produce.  The relevance of privacy settings may be a factor in the discoverability of this information as at least one case, Crispin v. Christian Audigier, Inc.,(C.D. Cal. May 26, 2010), held that private email messaging on Facebook, MySpace and Media Temple was protected as private.

So, how is social media content being used in litigation?  Here are some examples:

  • Show Physical Health: A person claiming to be sick or injured at work who has photos on their Facebook profile showing them participating in strenuous recreation activities;
  • Discrimination and Harassment: Statements made online which can be considered discriminatory or harassing or if the person “likes” certain groups with “hate” agendas;
  • False Product Claims: Statements online about a product that are not true or verifiable;
  • Verify or Refute Alibis: Social media content (photos, location tracking, etc.) can verify or refute alibis provided by suspects in criminal cases;
  • Pre-Sentencing Reports: Social media content can support or refute claims of remorse – in one case, the convicted defendant was sentenced more harshly because of statements made online that refuted his statements of remorse in the courtroom;
  • Info Gathering: With so much information available online, you can gather information about opposing parties, witnesses, attorneys, judges, or even jurors.  In some cases, attorneys have paid firms to ensure that positive information will bubble to the top when jurors “Google” those attorneys.  And, in Ohio, at least, judges may not only have Facebook friends, but those friends can include attorneys appearing before them (interesting…).

If possible, request the social media content from your opponent as the third-party provider will probably fight having to provide the content, usually citing the Stored Communications Act.  As noted previously on this blog, Facebook and Twitter have guidelines for requesting data – through subpoena and law enforcement agencies.

Social media content is generally stored by third-party Software as a Service (SaaS) providers (Facebook and Twitter are examples of SaaS providers), so it’s important to be prepared to address several key eDiscovery issues to proactively prepare to be able to preserve and produce the data for litigation purposes, just as you would with any SaaS provider.

So, what do you think?  Has your organization been involved in litigation where social media content was requested?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Social Media Policies to Manage Risk

As noted previously, ALM hosted another Virtual LegalTech online “live” day online last week.  We’ve talked about the session regarding Predictive Coding here and here.

Another session from last week’s “live” day was Facing the Legal Dangers of Social Media.  The speakers for this session were:

  • Harry A. Valetk: Internet Safety and Consumer Privacy Attorney, MetLife Privacy Office;
  • Daniel S. Goldman: Chair of Mayo Clinic’s business law practice group which oversees the corporate law, contracting and intellectual property functions of the Mayo Clinic legal department.; and
  • Michael E. Lackey, Jr.: Partner and co-chair of the Electronic Discovery and Records Management Practice for Mayer Brown LLP.

Establishing boundaries between your professional life and personal life continues to be more challenging as more personal information is available online.  The session cited a handful of cases where terminations resulted from postings on individuals’ personal social media accounts, one of which was challenged by the National Labor Relations Board (NLRB).  At least one state has rules in place – Section 201-d(2)(c) of New York’s Labor Law protects “legal recreational activities” engaged off-site during nonworking hours.

An interesting stat from the session was that “27% of employed Internet users now work for employer[s] with policies about how they may present themselves online”.  As noted previously in this blog, having a social governance policy in place is a good idea to govern use of outside email, chat and social media that covers what employees should and should not do.  From the session, here are some factors that a good social governance policy should address:

  • Educate: The social governance policy should be accessible and all employees should receive training with examples that illustrate what may not be obvious to everybody,
  • Plan for Crises: The speed and reach of social media means that a crisis will happen fast.  Identify a crisis team and develop a plan to react quickly.  When disgruntled employees of Domino’s pizza posted a video, showing them tainting food, Domino’s management reacted quickly.
  • Plagiarize:  Yes, plagiarize.  As in, there are many good ideas already implemented out there for social governance, don’t reinvent the wheel.
  • Use of Social Media During Work: Some companies will try to ban the use of social media during work by banning access to sites via work computers, but employees can simply access those sites on mobile devices, so it’s better to establish an expectation of level of acceptable use.
  • Preserve Customer Privacy: Any policy must stress the importance of this.
  • Identify Company Spokespersons: Establish who can speak on behalf of the company and make clear to others to stress that any views they espouse online are personal views.
  • Address the Blurring of Boundaries: Employees should not exhibit inappropriate behavior on social media when identified as employees, and there should be no association with the employer for any behavior incompatible with the brand/profession.
  • Business Confidentiality: Don’t discuss trade secrets or other confidential information online.  Even posting that you’re attending a meeting with a company that you’re negotiating with can violate NDA agreements.
  • Prohibit Employees from Speaking Anonymously: It’s considered unethical at best and may be an FTC violation at worst as John Mackey, Whole Foods CEO, found out back in 2007.
  • Don’t Harass: If it’s unacceptable behavior in the workplace, it’s unacceptable online.  Not to mention gutless.  And, employers can be liable if they’re aware of harassing behavior online and don’t act to address it.

Tomorrow, we’ll discuss the discoverability and use of social media content in litigation.  As noted with the predictive coding session, you can check out a replay of the session at the Virtual LegalTech site. You’ll need to register – it’s free – then login and go to the CLE Center Auditorium upon entering the site (which is up all year, not just on “live days”).  Scroll down until you see this session and then click on “Attend Now” to view the replay presentation.  You can also go to the Resource Center at the site and download the slides for the presentation.

So, what do you think?  Does your organization have a social media policy in place?  Please share any comments you might have or if you’d like to know more about a particular topic.

State eDiscovery Rules: States without eDiscovery Rules Changes

Last month, we noted how Oklahoma was the latest state to adopt new amendments to their Rules of Civil Procedure to address discovery of electronically stored information (ESI).  At the beginning of the new year, Wisconsin becomes the latest state to adopt eDiscovery rules (more to come on that in an upcoming blog post).

At that point, 37 out of 51 states (we’re considering District of Columbia a “state” for this consideration) will have adopted at least some procedural rules which address eDiscovery issues.  One of those states, Washington, has only enacted rules that address the non-waiver of the attorney-client privilege and attorney work product.

That leaves 14 states (including DC) that have not enacted any rules changes that address discovery of ESI.  They are (with current status, if known – at this point, most of these states have no available status information on eDiscovery adoption):

  • Colorado: The Colorado Supreme Court Committee on Rules of Civil Procedure reported in January 2008 no need for e-discovery rule amendments.  A limited pilot program involving only complex business and medical malpractice cases is reportedly being considered for district courts in the Denver area.
  • District of Columbia: The DC Court of Appeals has stayed the requirement that the Superior Court adhere to the Federal Rules (D.C. Code § 11-946) to enable the Superior Court and its advisory committee time to revise the local rules for eDiscovery. In November 2010, revisions were approved by the Superior Court and transferred to the Court of Appeals for final approval.
  • Georgia
  • Hawaii
  • Kentucky
  • Massachusetts: The eDiscovery subcommittee of the Supreme Judicial Court Rules Advisory Committee has finished a draft of eDiscovery rules which will be reportedly submitted to the entire Advisory Committee. If approved, it would then be published for comment. ESI has long been recognized as subject to discovery as a document, which is defined to include “data compilations.” See 49 Mass. Prac., Discovery § 7:1 (Electronic Discovery – Generally).
  • Missouri
  • Nevada
  • Oregon: On September 11, 2010, the Council on Court Procedures of the Oregon Supreme Court has released for public comment a limited proposal regarding electronic discovery.  After opportunity for comment, the proposal will be submitted to the Oregon Legislature for action, with enactment taking effect no earlier than January 1, 2012.
  • Pennsylvania
  • Rhode Island
  • South Carolina
  • South Dakota
  • West Virginia

It will be interesting to see how these remaining states progress and if any of them enact any eDiscovery rules in 2011.

So, what do you think?  Wondering what rules each of the other states have adopted?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Predictive Coding Strategy and Survey Results

Yesterday, we introduced the Virtual LegalTech online educational session Frontiers of E-Discovery: What Lawyers Need to Know About “Predictive Coding” and defined predictive coding while also noting the two “learning” methods that most predictive coding mechanisms use to predict document classifications.  To get background information regarding the session, including information about the speakers (Jason Baron, Maura Grossman and Bennett Borden), click here.

The session also focused on strategies for using predictive coding and results of the TREC 2010 Legal Track Learning Task on the effectiveness of “Predictive Coding” technologies.  Strategies discussed by Bennett Borden include:

  • Understanding the technology used by a particular provider:  Not only will supervised and active learning mechanisms often yield different results, but there are differing technologies within each of these learning mechanisms.
  • Understand the state of the law regarding predictive coding technology: So far, there is no case law available regarding use of this technology and, while it may eventually be the future of document review, that has yet to be established.
  • Obtain buy-in by the requesting party to use predictive coding technology: It’s much easier when the requesting party has agreed to your proposed approach and that agreement is included in an order of the court which covers the approach and also includes a FRE 502 “clawback” agreement and order.  To have a chance to obtain that buy-in and agreement, you’ll need a diligent approach that includes “tiering” of the collection by probable responsiveness and appropriate sampling of each tier level.

Maura Grossman then described TREC 2010 Legal Track Learning Task on the effectiveness of “Predictive Coding” technologies.  The team took the EDRM Enron Version 2 Dataset of 1.3 million public domain files, deduped it down to 685,000+ unique files and 5.5 GB of uncompressed data.  The team also identified eight different hypothetical eDiscovery requests for the test.

Participating predictive coding technologies were then given a “seed set” of roughly 1,000 documents that had previously been identified by TREC as responsive or non-responsive to each of the requests. Using this information, participants were required to rank the documents in the larger collection from most likely to least likely to be responsive, and estimate the likelihood of responsiveness as a probability for each document.  The study ranked the participants on recall rate accuracy based on 30% of the collection retrieved (200,000 files) and also on the predicted recall to determine a prediction accuracy.

The results?  Actual recall rates for all eight discovery requests ranged widely among the tools from 85.1% actual recall down to 38.2% (on individual requests, the range was even wider – as much as 82% different between the high and the low).  The prediction accuracy rates for the tools also ranged somewhat widely, from a high of 95% to a low of 42%.

Based on this study, it is clear that these technologies can differ significantly on how effective and efficient they are at correctly ranking and categorizing remaining documents in the collection based on the exemplar “seed set” of documents.  So, it’s always important to conduct sampling of both machine coded and human coded documents for quality control in any project, with or without predictive coding (we sometimes forget that human coded documents can just as often be incorrectly coded!).

For more about the TREC 2010 Legal Track study, click here.  As noted yesterday, you can also check out a replay of the session or download the slides for the presentation at the Virtual LegalTech site.

Full Disclosure: Trial Solutions provides predictive coding services using Hot Neuron LLC’s Clustify™, which categorizes documents by looking for similar documents in the exemplar set that satisfy a user-specified criteria, such as a minimum conceptual similarity or near-duplicate percentage.

So, what do you think?  Have you used predictive coding on a case?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: What the Heck is “Predictive Coding”?
 

Yesterday, ALM hosted another Virtual LegalTech online "live" day online.  Every quarter, theVirtual LegalTech site has a “live” day with educational sessions from 9 AM to 5 PM ET, most of which provide CLE credit in certain states (New York, California, Florida, and Illinois).

One of yesterday’s sessions was Frontiers of E-Discovery: What Lawyers Need to Know About “Predictive Coding”.  The speakers for this session were:

Jason Baron: Director of Litigation for the National Archives and Records Administration, a founding co-coordinator of the National Institute of Standards and Technology’s Text Retrieval Conference (“TREC”) legal track and co-chair and editor-in-chief for various working groups for The Sedona Conference®;

Maura Grossman: Counsel at Wachtell, Lipton, Rosen & Katz, co-chair of the eDiscovery Working Group advising the New York State Unified Court System and coordinator of the 2010 TREC legal track; and

Bennett Borden: co-chair of the e-Discovery and Information Governance Section at Williams Mullen and member of Working Group I of The Sedona Conference on Electronic Document Retention and Production, as well as the Cloud Computing Drafting Group.

This highly qualified panel discussed a number of topics related to predictive coding, including practical applications of predictive coding technologies and results of the TREC 2010 Legal Track Learning Task on the effectiveness of “Predictive Coding” technologies.

Before discussing the strategies for using predictive coding technologies and the results of the TREC study, it’s important to understand what predictive coding is.  The panel gave the best descriptive definition that I’ve seen yet for predictive coding, as follows:

“The use of machine learning technologies to categorize an entire collection of documents as responsive or non-responsive, based on human review of only a subset of the document collection. These technologies typically rank the documents from most to least likely to be responsive to a specific information request. This ranking can then be used to “cut” or partition the documents into one or more categories, such as potentially responsive or not, in need of further review or not, etc.”

The panel used an analogy for predictive coding by relating it to spam filters that review and classify email and learn based on previous classifications which emails can be considered “spam”.  Just as no spam filter perfectly classifies all emails as spam or legitimate, predictive coding does not perfectly identify all relevant documents.  However, they can “learn” to identify most of the relevant documents based on one of two “learning” methods:

  • Supervised Learning: a human chooses a set of “exemplar” documents that feed the system and enable it to rank the remaining documents in the collection based on their similarity to the exemplars (e.g., “more like this”);
  • Active Learning: the system chooses the exemplars on which human reviewers make relevancy determinations, then the system learns from those classifications to apply to the remaining documents in the collection.

Tomorrow, I “predict” we will get into the strategies and the results of the TREC study.  You can check out a replay of the session at theVirtual LegalTech site. You’ll need to register – it’s free – then login and go to the CLE Center Auditorium upon entering the site (which is up all year, not just on "live days").  Scroll down until you see this session and then click on “Attend Now” to view the replay presentation.  You can also go to the Resource Center at the site and download the slides for the presentation.

So, what do you think?  Do you have experience with predictive coding?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Project Management: Effectively Manage your Clients
 

If you work in a law firm, your clients are in-house:  they are the litigation teams in your own firm.  It’s important that you maintain good lines of communication with them throughout a project and that you have a mutual understanding, from the start, of what’s expected.  That, of course, starts with setting expectations: 

  • As a first step, gather the information you need.  You’ll probably need to know the schedule for the case, the expected size of the document collection, locations of the documents, contact information for litigation team members, and case management order requirements.  If you can, schedule a meeting to collect this information.  If that won’t work, make it easy for your clients to give you this information (you might use an easy-to-answer email questionnaire).
  • Next, prepare and distribute a memo summarizing your understanding of the requirements.  Include a description of the deliverables, schedule and budget information, and a description of your approach.
  • Don’t agree to the impossible or the unreasonable.  Try to talk them out of bad decisions.  If you can’t prepare a memo that describes what potential problems may occur.

Throughout the life of the project make sure to submit regular status reports that tell your client where you are with regard to budget and schedule and that highlight project points of interest.  Don’t wait to pass along important project information in a regular status report.  If there’s a problem that needs their attention, give them a call and put it in a memo.  Keep your clients current on what you are doing and on where things stand.

What do you think?  How do you manage your clients’ expectations?  Please share any comments you might have or tell us if you’d like to know more about a topic.

eDiscovery Tips: SaaS and eDiscovery – More Top Considerations

Friday, we began talking about the article regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, and Friday’s post looked at the first three issues.  Here are the remaining four issues from the article (requirements in bold are quoted directly from the article):

4. What if there are technical issues with e-discovery in the cloud?  The article discusses how identifying and collecting large volumes of data can have significant bandwidth, CPU, and storage requirements and that the cloud provider may have to do all of this work for the organization.  It pays to be proactive, determine potential eDiscovery needs for the data up front and, to the extent possible, negotiate eDiscovery requirements into the agreement with the cloud provider.

5. If the cloud/SaaS provider loses or inadvertently deletes our information, aren’t they responsible? As noted above, if the agreement with the cloud provider includes eDiscovery requirements for the cloud provider to meet, then it’s easier to enforce those requirements.  Currently, however, these agreements rarely include these types of requirements.  “Possession, custody or control” over the data points to the cloud provider, but courts usually focus their efforts on the named parties in the case when deciding on spoliation claims.  Sounds like a potential for third party lawsuits.

6. If the cloud/SaaS provider loses or inadvertently deletes our information, what are the potential legal ramifications?  If data was lost because of the cloud provider, the organization will probably want to establish that they’re not at fault. But it may take more than establishing who deleted the data. – the organization may need to demonstrate that it acted diligently in selecting the provider, negotiating terms with established controls and notifying the provider of hold requirements in a timely manner.  Even then, there is no case law guidance as to whether demonstrating such would shift that responsibility and most agreements with cloud providers will limit potential damages for loss of data or data access.

7. How do I protect our corporation from fines and sanction for ESI in the cloud?  The article discusses understanding what ESI is potentially relevant and where it’s located.  This can be accomplished, in part, by creating a data map for the organization that covers data in the cloud as well as data stored within the organization.  Again, covering eDiscovery and other compliance requirements with the provider when negotiating the initial agreement can make a big difference.  As always, be proactive to minimize issues when litigation strikes.

Let’s face it, cloud and SaaS solutions are here to stay and they are becoming increasingly popular for organizations of all sizes to avoid the software and infrastructure costs of internal solutions.  Being proactive and including corporate counsel up front in decisions related to SaaS selections will enable your organization to avoid many potential problems down the line.

So, what do you think?  Does your company have mechanisms in place for discovery of your cloud data?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Tips: SaaS and eDiscovery – Top Considerations
 

There was an interesting article this week regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The authors note that “[p]roponents of the cloud compare it to the shift in electrical power generation at the turn of the century [1900’s], where companies had to generate their own electric power to run factories.  Leveraging expertise and economies of scale, electric companies soon emerged and began delivering on-demand electricity at an unmatched cost point and service level.”, which is what cloud components argue that the SaaS model is doing for IT services.

However, the decision to move to SaaS solutions for IT services doesn’t just affect IT – there are compliance and legal considerations to consider as well.  Because the parties to a case have a duty to identify, preserve and produce relevant electronically stored information (ESI), information for those parties stored in a cloud infrastructure or SaaS application is subject to those same requirements, even though it isn’t necessarily in their total control.  With that in mind, the article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, as follows (requirements in bold are quoted directly from the article):

  1. Where is ESI actually located when it is in the ethereal cloud or SaaS application?  It’s important to know where your data is actually stored.  Because SaaS providers are expected to deliver data on demand at any time, they may store your data in more than one data center for redundancy purposes.  Data centers could be located outside of the US, so different compliance and privacy requirements may come into play if there is a need to produce data from these locations.
  2. What are the legal implications of e-discovery in the cloud? Little case law exists on the subject, but it is expected that the responsibility for timely preservation, collection and production of the data remains with the organization at party in the lawsuit, even though that data may be in direct control of the cloud provider.
  3. What happens if a lawsuit is in the US but one company’s headquarters is in another country? Or what if the data is in a country where the privacy rules are different?  The article references one case – AccessData Corp. v. ALSTE Technologies GMBH , 2010 WL 318477 (D. Utah Jan. 21, 2010) – where the German company ALSTE cited German privacy laws as preventing it from collecting relevant company emails that were located in Germany (the US court compelled production anyway).  So, jurisdictional factors can come into play when cloud data is housed in a foreign jurisdiction.

This is too big a topic to cover in one post, so we’ll cover the other four eDiscovery issues to address in Monday’s post.  Let the anticipation build!

So, what do you think?  Does your company have ESI hosted in the cloud?  Please share any comments you might have or if you’d like to know more about a particular topic.