iCloud: Facing Reality and Addressing the Risks

Part 3 of 3
Read Part 1 & Part 2

Safeguarding Your Company

The release of iCloud and the massive number of migrations even in the first few weeks has pulled cloud computing into the mainstream. The time to weigh the pros and cons of using cloud computing is over! Like it or not tens of millions of employees have already brought company data into a virtualized environment, so now what?

To stave off some of the negative impact of the personal cloud migration, companies need to proactively address cloud computing instead of debating about its use. The personal cloud adds another dimension to the already convoluted aspect of duty to preserve, and without any firm ruling or revision the Federal Rules of Civil Procedure the potential cost associated with e-discovery will continue to climb. When drafting the legal hold or going to a 26(f) meet and confer attorneys need to consider the personal cloud when evaluating data collection and preservation. Be sure that your litigation hold protocol covers personal cloud computing, syncing, and automatic backup.  Revise your policy if need be and ensure that it works with testing.

Impact on Pre-Discovery Fact-Driven Case Analysis

When collecting and searching for data from custodians be sure to determine if they are using iCloud or any similar personal cloud and extend the collection to include personal devices if the custodian has been synching work email and documents in their personal cloud.  Whether drafting or answering a discovery request be aware that potentially responsive ESI should includes personal cloud computing if work and personal information has been backed up in the iCloud. And although discovery requests seek information in the possession, custody, or control of the relevant custodian, be sure to specify that this extends to all sources of ESI for potentially responsive data including that synched in a personal cloud and talk about all these ESI sources in your Rule 26(f) conferences.

From an information governance standpoint, clearly define company policy on using personal devices for work related matters and re-evaluate existing policies if they are not in line with the risk profile of your company. Consider drafting specific policy on migration or personal devices with access to company email or documents and/or policy on co-mingling of work information on personal devices may serve to reign in data sprawl and mitigate exposure to external threats as well.

Concluding Thoughts

In terms of cloud computing, the future is now. As legal professionals and e-discovery practitioners we have to accept that personal cloud computing is more and more a reality and address the risks that result. Going into a case with an electronic discovery component be as inclusive as possible when evaluating potential sources although prudent in the actual collection. Non linear review techniques, (predictive analytics, AI, advanced ECA) all can help in controlling the likely glut of information that this new vector of ESI will create. As an e-discovery practitioner or legal professional be aware that although your company or clients may not have adopted cloud computing at an enterprise level there is a great likelihood that one or many custodians may have on an individual level and prepare accordingly.