Thought Leadership and Industry Trends
Seeing Through the Cloud: Issues in Cloud Storage We Need to Start Talking About
By Chris O’Connor, Director of eDiscovery Strategy, CDS.
What is the cloud and what happens to your documents in cloud storage? In its simplest form, “the cloud” refers to a server network connected to the internet. It’s an ambiguous term that covers everything from a LAN within a company to the huge networks run by services like Amazon, Google, and Microsoft. Some even define the internet itself as “the cloud.” The services (SaaS, IaaS, and PaaS) provided via the cloud are referred to as “cloud computing,” which is simply the practice of storing regularly used computer data on multiple servers connected through the internet. Of course, a definition is just the beginning. We need to put it in context. We’re only just starting to understand the full range of eDiscovery issues involved in cloud storage from a technical side. And the legal system is way behind the technologists in dealing with these concerns.
Some of the key questions arising in the eDiscovery context include the following:
When is data deleted from the cloud?
When you store data in a cloud and delete it, it doesn’t disappear right away. Initially, pressing the delete button just eliminates your access to the documents. Others may still have access through their own entry points. Even when everyone with access deletes their links to the data, the entity in control of the cloud may not purge the data from the storage array immediately. How long that takes varies.
If you delete a photo on any number of popular social media sites, you aren’t actually hunting the end server location and obliterating the file. You are just killing the XML link to the document. This set up allows the social media company to provide redundancy and access to all of those photos promptly no matter how the user is accessing the data. But when the user hits delete, the photo is not gone; it’s merely not accessible. Now let’s imagine the same scenario but where documents relevant to a litigation instead of photos are what is being accessed. If deletion is ordered or agreed to by parties in a litigation, should we be comfortable conflating deletion as obliteration with deletion as loss of access? Do courts understand that this distinction exists?
Can you legally attest to whether documents have been deleted from the cloud?
Since it may take time for data to truly be deleted from cloud storage, how can parties and attorneys affirm in court documents that information is in fact deleted? On the other hand, how can you say that you’re not sure if it’s gone? Technology companies, attorneys and the court system need to start having conversations about how to address these real issues.
What if the cloud storage is in another country?
Data in the cloud can be accessed anywhere anytime. It’s not uncommon for providers to buy cloud storage in a particular country to handle data in an ongoing case in that country. But what happens to the data when the case is over and the firm has closed the storage account? Has that data been deleted? Is that data still part of the cloud’s storage array? The reality is that cloud storage is only going to become more prevalent. EDiscovery professionals and attorneys need to be able to educate the courts and investigative agencies about the realities surrounding scalable storage arrays, the “big data” arrays discussed seemingly in every other article on eDiscovery a few years ago.
In future posts, we’ll talk about these issues in more detail with a goal of raising awareness and starting a conversation about how laws and policies need to evolve.
If you are utilizing or considering cloud storage for document retention, contact us for a consultation.
About the Author