Litigation: Out of sight, out of mind
Once you determine when the duty to preserve commenced, you need to identify what needs to be preserved.
July 04, 2013 at 05:00 AM
5 minute read
The original version of this story was published on Law.com
We previously addressed the scope of the duty to preserve. Once you determine when the duty to preserve commenced, you need to identify what needs to be preserved. While the scope of this duty has not changed dramatically over the years, the location, type and amount of information included within that duty has exploded in the past decade due to the advancement of technology and growth of social media outlets. This expansion of available outlets and the ease of creating information has substantially increased the complexity of issues associated with complying with the duty to preserve.
One of the most significant developments involves the use of third party data storage providers or “cloud providers.” Storage of information in the cloud affords companies numerous advantages, most significantly, the cost savings associated with data storage. Placing data in the cloud allows companies to replace portions of their existing technology infrastructure with third party data storage providers. But the convenience and related cost savings are not without risks. The most serious risks include preservation of confidentiality and security of the data as well as the ability to comply fully with preservation obligations on a timely basis.
Rule 34(a)(1) requires the preservation and production of documents within a party's possession, custody or control. Information in the cloud typically is not within a party's possession or custody. Yet, courts generally hold that information stored in the cloud falls within a party's control. Extending the duty to preserve to third parties is not new. Indeed, prior to electronically stored information becoming predominant, companies often stored paper files in warehouses operated by third parties. Now the cloud presents a new type of third party and a new location that companies must consider in complying with their duty to preserve. Given that this type of obligation is not new, courts generally are not sympathetic to parties who fail to appropriately preserve information stored in the cloud.
If you have not yet entered into an agreement to store information with a cloud service provider, there are several key issues to consider before selecting a vendor. A summary of all the legal issues associated with selecting a provider is beyond the scope of this piece, however certain key considerations must be made with regard to preservation of data. After ensuring that confidentiality and data security issues will be adequately addressed, companies should consider whether a legal hold can be properly effectuated and whether it can be established for specific types of information to be stored. For example, can information pertaining to a single custodian for a three-year period be located and made subject to a hold. To the extent that this is not possible or easy to implement, a company may determine that certain information should not be stored with a cloud service provider. While software applications exist that enable cloud users to implement their own litigation hold for information stored in the cloud, not all cloud service providers use these applications. After confirming this ability, the process for effectuating a legal hold (i.e., type of notice, who receives notice, method of confirmation of compliance) should also be confirmed.
A second consideration is how the cloud service provider will respond to third-party subpoenas
and/or requests for information. A company should confirm that it will be notified immediately of any such request and that information will not be produced without affording the company an opportunity to respond to the request.
Another consideration is whether the cloud service provider will comply with your existing data retention policies, which may include different retention periods for different types of information. This issue involves your ability to delete portions of the stored data in compliance with your existing record retention policies.
If you are already engaged in a contractual relationship with a cloud service provider, you should prepare now for future litigation. First, you should confirm which cloud service providers currently store data for your company and what data they possess. Then determine where and how this information is stored. The location of your data can become significant depending on the jurisdiction's privacy laws. Further, understanding how your information is stored (i.e., is it separate from other users and in what format is it stored) will enable you to know the requirements of any future e-discovery collection and production. Finally, you should know whether the cloud service provider will allow self-collection of any information that needs to be produced in litigation. To the extent self-collection is not permitted, you should learn the costs associated with any potential collection efforts.
Overall, use of cloud service providers is generally beneficial in terms of cost savings and related technological logistics. As with any benefit, there are certain risks—knowing and assessing these risks before data is stored in the cloud or needs to be produced in litigation can avoid the imposition of costly sanctions. Our last topic in this series will address the various sanctions courts impose when data and information is not properly preserved and the issue of spoliation of evidence arises.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllCoinbase Hit With Antitrust Suit That Seeks to Change How Crypto Exchanges Operate
3 minute readBaker Botts' Biopharma Client Sues Former In-House Attorney, Others Alleging Extortion Scheme
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250