Page 1

E-Discovery Insights – Clearwell Systems, Inc.

E-Discovery and the Cloud: Possession, Custody, and Control by Venkat Ranganon September 3rd, 2010

In a prior post a few months ago, I wrote about the electronic discovery challenges that the duty to preserve electronically stored information (ESI) imposed on a cloud-based computing environment. Following that post, we will continue to examine another area that the Federal Rules of Civil Procedures (FRCP) requires with respect to document production. As stated, the FRCP Rule 34 (a) (1) offers guidelines on the duty to: “…produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party’s possession, custody, or control.” The key phrase “possession, custody or control” is something to be examined more closely in the context of Cloud Computing environments, where typically the cloud customer is the party in control and the cloud service provider is the party in possession and custody. In cases where the cloud customer is the party in litigation, it is natural to serve pre-trial a discovery request under Rule 26 (b) to the cloud customer and expect that since they are the party in control, and can therefore instruct the cloud provider to perform at least some form of collections. Now the question that remains is whether the same request can be made of the cloud provider, since they are the party in possession and/or custody. It is evident that requesting the cloud provider to perform a discovery request on behalf of their customers is impractical since any assertion of privilege or confidentiality would require the cloud customer to be involved in the discovery request. Besides, the cloud provider producing documents without consent from the customer of the cloud would run afoul of the Stored Communications Act (SCA). For these reasons, the broader three-pronged test of “possession, custody or control” embodied in Rule 34 (a)(1) should be revised to mean only “party in control”. This view is supported in the seminal decision on Flagg v. City of Detroit, Slip Copy, 2008 WL 787061 (E.D.Mich.). A great analysis of this case by Timothy Ackermann is available in The Federal Lawyer, November/December 2009 article, titled Consent and Discovery under the Stored Communications Act . As stated, when it comes to the application of “possession, custody or control”, the most significant test for cloud based deployments is “control”. For the cloud customer, “possession and custody” are not relevant, because in a strict sense, it is the cloud provider that can claim possession and custody. However, the cloud customer is clearly in “control” of the data, as evidenced by pretty much every service contract that gives the customer “the legal right to obtain the documents on demand”. Also, the cloud customer has the right to give “consent” to the cloud service provider to make the documents available. Thus, a cloud customer cannot claim that since they did not have “possession or custody”, the e-discovery obligations cannot be waived.

To read more visit www.clearwellsystems.com/e-discovery-blog/

1


E-Discovery Insights – Clearwell Systems, Inc. From the cloud provider’s perspective, the mere fact they have “possession or custody” does not require them to produce documents, unless the cloud customer gives lawful consent per the Stored Communications Act. Yet again, for the application of FRCP 34(a)(1) , we find that the party in control over the data is the one that determines discoverability of data in the cloud. In contrast, the third party that is merely in possession or custody is not required to produce responsive ESI, given the provisions of the SCA. As noted in Flagg v. City of Detroit, the district court did not find the need to consider the issue of having a subpoena issued to the cloud provider (SkyTel Communications), since the required evidence was more easily acquired by an e-discovery request to the cloud customer (City of Detroit). A similar argument is made in the Crispin v. Audigier Inc., a case involving postings on familiar social networking sites, Facebook and MySpace. Here, District Judge Margaret M. Morrow goes to great lengths explaining why the provider is not required to produce documents based on protections offered by the SCA. In summary, the nature of cloud deployments and their usage redefines the scope of ESI to those that the customer has control. Regardless of the interpretation of Rule 34, common sense dictates that the cloud provider and cloud user cooperate when it comes to e-discovery requests. Of course, one of the challenges with cloud deployments is the SCA and its interpretation for cloud-resident ESI. This will be the subject of my next post.

To read more visit www.clearwellsystems.com/e-discovery-blog/

2

E-Discovery and the Cloud: Possession, Custody, and Control  

In a prior post a few months ago, I wrote about the electronic discovery challenges that the duty to preserve electronically stored informat...

Read more
Read more
Similar to
Popular now
Just for you