How electronic discovery during litigation is impacted by information stored in the cloud Featured

8:00pm EDT April 30, 2012
How electronic discovery during litigation is impacted by information stored in the cloud

Cloud computing is the marketing focus of many IT companies.

Ads touting the benefits of cloud computing and the “cloud readiness” of software products are visible in airports, print media and on TV, and surveys predicting the rapid adoption of cloud computing solutions appear regularly. But how do cloud computing solutions affect the production of electronic documents and information in a litigation setting?

Smart Business spoke with James P. Martin, CMA CIA CFE, managing director of Cendrowski Corporate Advisors, regarding the issues that can arise when attempting to obtain information when a party has information stored in the cloud.

What is cloud computing?

Cloud computing describes an IT model in which computing resources can be obtained and utilized on an as-needed basis; this is why cloud computing is often referred to as ‘utility computing.’ The end user is provided a turnkey solution that is supported and maintained by the service provider at a remote location.

Cloud computing is enabled by rapid, reliable Internet communications, and, in fact, ‘the cloud’ is a term referring to the pool of resources hosted on the Internet.

What are some common cloud solutions that should be considered in litigation?

Cloud computing applications include hosted email products, such as Gmail or Hotmail, picture hosting services, text message services, hosted document processing, as well as social media services such as Facebook, Myspace, or dating sites. These sites would potentially have data that could be relevant to the litigation.

How does a cloud solution affect electronic discovery?

Moving to a cloud computing solution does not remove an organization’s document retention requirements, and many cloud solutions tout their ability to help the organization meet statutory requirements.   If the cloud vendor performs services to the public, access to the data stored in that solution would be subject to the restrictions of the Stored Communication Act.

It is also important to understand that this is an emerging area of law. Third-party solutions are evolving rapidly, and social media services are creating issues and carrying information that was inconceivable a few years ago. The legal system is dealing with emerging issues related to these new technologies and case law is changing rapidly.

What is the Stored Communication Act?

Data hosted by a third-party service provider may be covered by the Stored Communications Act (18 U.S.C. §§ 2701-2712 (SCA). This act was included as Title II of the Electronic Communications Privacy Act of 1986.

The SCA states that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’ The SCA was primarily written to protect the end user of computing services from government surveillance. In civil litigation, some courts have concluded that contents of communications cannot be disclosed to litigants even when presented with a civil subpoena.

How can a litigant obtain information subject to the SCA?

The SCA defines three categories of information; each category has different requirements to obtain the information. In litigation, the parties will tend to need access to ‘contents,’ such as email conversations and documents, which has the highest threshold. Contents generally require a subpoena with notice, a court order with notice, or search warrant.

One wrinkle is that the SCA defines a ‘court of competent jurisdiction’ as any district court of the United States, and the U.S. Court of Appeals; it is silent on whether state courts may issue orders to providers outside their districts.

Are there any exceptions to these requirements?

Yes, the SCA includes several exceptions.  Importantly, contents can be produced with the permission of the subscriber.  Also, contents can be released in emergency situations related to the commission of a crime, death, or serious physical injury, or if it is submitted to the National Center for Missing and Exploited Children.

Also, the SCA applies only to companies that provide the service to the public.  For example, consider a consultant who is provided an email account by a company where he or she is assigned for work.  Court decisions have determined that the company providing such an email account is not covered by the SCA, as it does not provide services to the public.

How are courts dealing with discovery in a civil matter?

In a recent decision, the court noted that a subscriber could grant permission for the provider to release contents and reasoned that the information held by the provider was under the control of the subscriber, and therefore had a duty to exercise this control and retrieve the content. The court allowed a subpoena to the subscriber directing it to provide permission to produce the information. Courts continue to evaluate aspects of the SCA, and case law continues to build around these issues.

Investigators attempting to access information held by a third party will need to evaluate an appropriate course of action depending on the type of information to be received, as well as the relative cooperation of the subscribing party.

JAMES P. MARTIN, CMA, CIA, CFE, is managing director for Cendrowski Corporate Advisors LLC. Reach him at (866) 717-1607 or

jpm@cendsel.com.

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC