Cloud Computing Poses E-Discovery, Legal Risks
April 10, 2009By Marty Foltyn
ORLANDO, Fla. — Cloud computing was a hot topic at this week's Storage Networking World show, but one attorney sounded a warning note about the rush to the cloud.
In a presentation titled "Computing (strike that — Litigation) in the Cloud," Steven Teppler, senior counsel at KamberEdelson in New York, said cloud computing and services are a corporate counsel's nightmare.
The 2006 e-discovery amendments to the Federal Rules of Civil Procedure (FRCP) changed the legal and corporate information landscape, putting custody and control at top of mind.
"Cloud computing means that data may always be in transit," said Teppler, "never anywhere, always somewhere."
And that creates a big challenge for corporate counsel. How can they identify "who, when and where" in the cloud? How can organizations handle document retention? And to add another layer of worry, information targeted for the cloud may also be subject to laws requiring privacy and persistent data integrity, and other requirements that the storage manager may not even be aware of.
Teppler spelled out the top cloud computing shortcomings: no native security attributes; inadequate or no security provisioning by providers; the lack of understanding of cloud legal issues (a real problem for not only cloud computing providers, but also corporate counsel and IT consultants); and the failure to recognize potential liability from either legal issues or a lack of security.
Teppler told the audience that litigation in the cloud is already here. Users of cloud services will need to insist on service level agreement (SLA) terms with their providers to ensure legal and regulatory compliance, searchability, demonstrable customer care (security), provably persistent data integrity and reliability, and demonstrable storage security and integrity for electronically stored information in the cloud.
