The discovery process is tough, time consuming and expensive. What new problems are corporate attorneys facing now with the availability of “free to the public cloud storage”?

First, what is “free to the public cloud storage”? For the purposes of this blog I will define it as a minimum amount of storage capacity offered by a third party, stored and accessible via the internet made available to the public at no cost (with the hope you purchase more). The cloud storage offerings I’ve already mentioned do not limit the types of files you can upload to these services. Music storage is a prime target for these services but many, like myself, are using them for storage of other types of files such as work files which can be accessed and used with nothing more than a computer and internet connection, anywhere.

Examples of these cloud storage offerings include Dropbox, Amazon Cloud Drive, Apple iCloud, and Microsoft SkyDrive. I looked at the Google Cloud Service but determined it is only useful with Google Docs.

A more detailed comparison of these services can be found here.

The only differences between the four offerings stem from the amount of free capacity available and how you access your files. For example, my Amazon Cloud Drive as seen from my Firefox web interface:

Figure 1: The Amazon Cloud Drive web interface

The advantage to users for these services is the ability to move and store work files that are immediately available to you from anywhere. This means you no longer have to copy files to a USB stick or worse, email work files as an attachment to your personal email account. The disadvantage of these services are corporate information can easily migrate away from the company security and be managed by a third party the company has no agreement with or understanding of in reference to the third party will respond to eDiscovery requests. Also be aware that ESI, even deleted ESI is not easily removed completely. In a previous blog I talked about the Dropbox “feature” of not completely removing ESI when deleted from the application as well as keeping a running audit log of all interactions of the account (all discoverable information). The Amazon Cloud Drive has the same “feature” with deletions.

Figure 2: The deleted items folder in the Amazon Cloud Drive actually keeps the deleted files for some period of time unless they are marked and “Permanently Deleted”

The big question in my mind is how will corporate counsel, employees and opposing counsel address this new potential target for responsive ESI? Take, for example, a company which doesn’t include public cloud storage as a potential litigation hold target, doesn’t ask employees about their use and or doesn’t search through these accounts for responsive ESI…potential spoliation.

For Corporate counsel:

1. Be aware these types of possible ESI storage locations exist.
2. Create a use policy addressing these services. Either forbid employees from setting up and using these services from any work location and equipment or if allowed be sure employees acknowledge these accounts can and will be subject to eDiscovery search.
3. Audit the policy to insure it is being followed.
4. Enforce the policy if employees are not following it.
5. Document everything.

For employees:

1. Understand that if you setup and use these services from employer locations, equipment and with company ESI, all ESI in that account could be subject to eDiscovery review.
2. If you use these services for work, only use them with company ESI, not personal files.
3. Be forthcoming with any legal questioning about the existence of these services you use.
4. Do not download any company ESI from these services to any personal computer, this could potentially open up that personal computer to eDiscovery by corporate counsel

For opposing counsel:

Ask the following questions to the party being discovered

1. Do any of your employees utilize company sanctioned or non-sanctioned public cloud storage services?
2. Do you have a use policy which addresses these services?
3. Does the policy penalize employees for not following this use policy?
4. Do you audit this use policy?
5. Have you documented the above?

These services are the obvious path for employees to utilize over the next couple of years to make their lives easier. All involved need to be aware of the eDiscovery implications.