Cloud Computing: E-Discovery Challenges Best Practices to Minimize Pitfalls in Identification, Preservation and Collection of ESI

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

WEDNESDAY, OCTOBER 24, 2012

Presenting a live 90-minute webinar with interactive Q&A

Todd Nunn, Partner, K&L Gates, Seattle

Tanya Forsheit, Partner, Information Law Group, Manhatten Beach, Calif.

Sound Quality

If you are listening via your computer speakers, please note that the quality of

your sound will vary depending on the speed and quality of your internet

connection.

If the sound quality is not satisfactory and you are listening via your computer

speakers, you may listen via the phone: dial 1-866-869-6667 and enter your

PIN -when prompted. Otherwise, please send us a chat or e-mail

sound@straffordpub.com immediately so we can address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality

To maximize your screen, press the F11 key on your keyboard. To exit full screen,

press the F11 key again.

For CLE purposes, please let us know how many people are listening at your

location by completing each of the following steps:

• In the chat box, type (1) your company name and (2) the number of

attendees at your location

• Click the SEND button beside the box

FOR LIVE EVENT ONLY

If you have not printed the conference materials for this program, please

complete the following steps:

• Click on the + sign next to “Conference Materials” in the middle of the left-

hand column on your screen.

• Click on the tab labeled “Handouts” that appears, and there you will see a

PDF of the slides for today's program.

• Double click on the PDF and a separate page will open.

• Print the slides by clicking on the printer icon.

Cloud Computing and E-Discovery

Todd L. Nunn

e-Discovery Analysis and Technology Group, K&L Gates, Seattle

206.370.7616

todd.nunn@klgates.com

6

Cloud Computing E-Discovery - Contents

Cloud Computing Introduction

Possession, Custody and Control

Litigation Holds/26(f) Conference/Collection

Use and Admissibility

Jurisdiction

Third-party Subpoenas

7

What is Cloud Computing?

“Cloud computing comes into focus only when you think

about what IT always needs: a way to increase capacity

or add capabilities on the fly without investing in new

infrastructure, training new personnel, or licensing new

software. Cloud computing encompasses any

subscription-based or pay-per-use service that, in real

time over the Internet, extends IT’s existing capabilities.”

Knorr, Galen, “What cloud computing really means”, Infoworld (4/7/2008)

8

What is Cloud Computing?

“The very definition of cloud computing remains

controversial. Consulting firm Accenture has crafted a

useful, concise definition: the dynamic provisioning of IT

capabilities (hardware, software, or services) from third

parties over a network.”

“Cloud computing is a computing model, not a

technology.”

Fogarty, “Cloud Computing Definitions and Solutions”, CIO.com

(9/10/2009).

9

Types of Cloud Computing Services - NIST

Cloud Software as a Service (SaaS)

Use provider’s applications over a network

Cloud Platform as a Service (PaaS)

Deploy customer-created applications to a cloud

Cloud Infrastructure as a Service (IaaS)

Rent processing, storage, network capacity, and

other fundamental computing resources

10

The NIST Cloud Definition Framework

10

Community

Cloud Private

Cloud Public Cloud

Hybrid Clouds

Deployment

Models

Service

Models

Essential

Characteristics

Common

Characteristics

Software as a

Service (SaaS)

Platform as a

Service (PaaS)

Infrastructure as a

Service (IaaS)

Resource Pooling

Broad Network Access Rapid Elasticity

Measured Service

On Demand Self-Service

Low Cost Software

Virtualization Service Orientation

Advanced Security

Homogeneity

Massive Scale Resilient Computing

Geographic Distribution

11

Advantages of Cloud Computing

Lower Costs

Reduce owned infrastructure

Reduce personnel

Increase Computing Capabilities

Large scale storage/massive processing

Flexibility – rapid deployment

Specialized tools/applications/services

Solves Problems

Technology on demand

12

Disadvantages of Cloud Computing - Control

Bottom line – Third party has data

Loss of physical control

Security – Access restriction/control

Auditability – visibility

Forensic access

Still responsible legally for data handling

Still legally in control

Discovery obligations

Regulatory compliance

13

Disadvantages of Cloud Computing – Cloudiness

Who has data

Cloud service provider

Data center provider

More parties – backup provider – consultants

Financial viability - Robust systems

Where is data

Multiple providers

Different states/countries

How is it being handled

Co-mingling with other customer’s data

Backup policy/retention

Permissions/Export/Transfer

14

Cautionary Tale: Liquid Motors, Inc. v. Lynd,

No.3:09-cv-0611-N (N.D. Tex. April 3, 2009)

FBI executed search warrant, raided Liquid Motors (LM) building, seized all equipment

LM was not suspected of any wrongdoing

Seizure and removal of equipment prevented LM from conducting business – LM clients who relied on the hosting service also suffered interruption

LM applied for temporary restraining order and return of equipment

Court found probable cause for FBI’s retention of equipment, denied application, ordered storage array returned within three days (after being copied), ordered “other servers” and second storage array copied and returned to LM “as soon as possible”

15

Questions to ask Cloud Provider – as a start

Will my data be in the same database as other customers?

Will you commit to segregating our company data

How do you deal with differences in retention periods between customers?

When you perform backups, will my data be co-mingled with the data from other companies on the same tape?

What is your retention period for your backup tapes?

When backup tapes reach the end of the retention period, how many months is it before you re-use them?

Where will my data reside?

Will you commit to a set location

Can you provide me information of data center provider

16

Possession,

Custody, Control

17

Possession, Custody and Control

Under Rule 34, Control does not require that the party

have legal ownership or actual physical possession of

the documents at issue.

Documents are considered to be under a party’s control

when that party has the right, authority, or practical

ability to obtain the documents from a non-party to the

action.

A contract about document handling is sufficient to

establish party control over documents in the

possession of a third party.

18

Possession, Custody and Control

With material in cloud, no physical custody, but legal control

Legal control in form of agreement/contract for cloud services

Irony is that you could have legal control (or entitlement), but might not have “practical ability” to get documents

Contract should spell out precisely how get and who pays

Must understand how data is stored to avoid surprises since you are legally in “control”

19

Preservation

20

Zubulake: Preservation Standard

• “Once a party reasonably anticipates litigation, it must

suspend its routine document retention/destruction

policy and put in place a ‘litigation hold’ to ensure the

preservation of relevant documents.” Zubulake v. UBS

Warburg, LLC, 229 F.R.D. 422, 431 (S.D.N.Y. 2004).

• “The obligation to preserve evidence arises when the

party has notice that the evidence is relevant to

litigation or when a party should have known that the

evidence may be relevant to future litigation.” Zubulake

v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003)

21

Legal Holds

Start with Document Retention Policy

Understand Policy v. Practice

Coordinate with Records Manager or IT

Whom do you tell?

“Key” Custodians

Data Stewards: Including Cloud Providers

Evolving Process

Revisit at Critical Stages

22

Legal Holds

How do you tell them?

In Writing

Depends on Culture

What do you tell them?

Describe the Case

Document Categories

Instructions for Technical Handling

Consequences/Contact Information

Follow up

Follow up Notices

Interviews

23

Cyntegra, Inc. v. Idexx Labs., Inc., 2007 WL

5193736 (C.D. Cal. Sept. 21, 2007)

Data stored on third-party’s server was deleted

when Plaintiff failed to make payments

Defendant moved for spoliation sanctions

Among other things, Plaintiff alleged it did not have

control of the documents for purpose of

preservation

24

Cyntegra, Inc. v. Idexx Labs., Inc., Cont.

“Similarly, Plaintiff had sufficient control and legal right over the deleted files to constitute fault. Plaintiff contracted to store business documents on NetNation’s computer servers. At least until March 7, 2006, when payment was discontinued, Plaintiff could direct the flow of information to and from NetNation’s servers. Because Plaintiff could have anticipated the possibility of litigation by this time, it had an affirmative duty to make payments and preserve the evidence. Plaintiff cannot bypass this duty by abandoning its documents to a third-party and claiming lack of control. . . . A contractual relationship with a third-party entity provides, at a minimum, an obligation to make reasonable inquiry of the third party entity for the data at issue.”

25

Legal Holds

Document management/Litigation response plan must take cloud services into account

Talk to custodians about what they use/how they store

Contract with Cloud provider should be specific about how legal holds will be handled/charged

Specific of how any deletion will be discontinued

How handle preservation of your data, while handling co-mingled data

Must understand retention periods, back up practices, co-mingling of data, redundancy of systems, security practices of cloud provider

Provider failing or being taken off line during preservation period could be found to be spoliation

Preservation periods could be years long, how maintain/transfer

Legacy ESI

Cloud Let’s The Issue

26

Federal Rule 26(f)

“In conferring the parties must … discuss any issues

about preserving discoverable information …”

26(f) Advisory Committee Notes

discussion of ESI will involve nature of parties’

information systems

“It may be important for the parties to discuss those

systems, and accordingly important for counsel to

become familiar with those systems before the

conference.”

27

Federal Rule 26(f)

Advisory Committee Notes

Reasonableness should guide preservation efforts

“The parties’ discussion should pay particular

attention to the balance between the competing

needs to preserve relevant evidence and to continue

routine operations critical to ongoing activities.”

Recommends parties’ goal should be to agree to

“reasonable preservation steps” taking all

considerations into account

28

Rule 26(f) Conferences

Due diligence to understand how cloud provider is

storing data

Must understand cloud provider system to meet

requirements of 26(f)

If problematic features (slow collection, change

metadata, failed or lost data or provider), should

flag in conference

Cloud Let’s The Issue

29

Inaccessible data – FRCP 26(b)(2)(B)

Specific Limitations on Electronically Stored Information. A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

30

Inaccessible data – FRCP 26(b)(2)(B)

Advisory Committee Notes: “A party’s identification of sources of [ESI] as not reasonably accessible does not relieve the party of its common-law or statutory duties to preserve evidence. Whether a responding party is required to preserve unsearched sources of potentially responsive information that it believes are not reasonably accessible depends on the circumstances of each case. It is often useful for the parties to discuss this issue early in discovery.”

31

Calixto v. Watson Bowman Acme Corp., 2009 WL

3823390 (S.D.Fla. 2009)

Defendant argued backup tapes were inaccessible because

of undue burden or cost

Vendor estimate for restoring and searching: $40,000 + all

expense to review for relevance and privilege

Found inaccessible

No “good cause” found because material likely duplicative

given time frame and evidence of defendant’s preservation

But one backup tape from earlier time period found not

inaccessible because cost of restoring and reviewing one

tape not burdensome, and evidence of no duplication of

material

32

Starbuck’s v. ADT Security Services, 2009 WL 4730798

(W.D. Wash.)

Used a Zantaz e-mail archive system for certain time period –Plasmon System

500 double sides DVDs accessed by a robot arm

Very slow and laborious to retrieve – but still in use

ADT argued that archive was inaccessible

Court held archive not inaccessible

Court did not find time or expense estimates credible

Because still in use – held must be accessible

Cannot relieve party of duty to produce those documents merely because has chosen a means to preserve which makes ultimate production of documents expensive

33

Inaccessible Data

Burden is on data owner to show inaccessibility

Agreement should be specific about costs for litigation

support

Not inaccessible just because ESI hard/expensive to get

Must understand what cloud provider has and how it works to

support argument of inaccessibility

Arguments that data is redundant

Support specific arguments regarding expense

Cloud Let’s The Issue

34

Collection

35

Collection of ESI

Collect by custodian

Full collection

Self collection

Collect by search terms

Sweep and keep systems

File shares

Non-custodial sources

Databases

Cloud sources

Preservation of metadata and file

structure

36

Collection

Ability to collect completely as important under federal case law

Understand where data is stored

Need to be able to identify custodian material and track what is collected

Speed of collection Collection in bulk or custodian-by-custodian/document-by-document

Format - does cloud storage change metadata What metadata is provided

Will provider be able to prove nothing was deleted - audit

Cloud Let’s The Issue

37

Authentication

38

Procedure of Authentication

Authenticity under 104(b)

Judge makes preliminary determination

Based on admissible evidence

Sufficient evidence to support a jury finding of relevance

Court need not find that the evidence is necessarily what the

proponent claims, but only that there is sufficient evidence

that the jury ultimately might do so

39

Authentication

Evidence rules on authentication apply to ESI in the

same way as other evidence

Rules are the same for paper and ESI

Three methods of authentication refer to computer

based evidence in advisory notes (federal)

901(b)(7) (public records and reports)

901(b)(8) (ancient documents or data compilations)

901(b)(9) (processes or systems)

40

Rule 901. Requirement of Authentication or

Identification

(a) General provision.—The requirement of

authentication or identification as a condition

precedent to admissibility is satisfied by evidence

sufficient to support a finding that the matter in

question is what its proponent claims.

(b) Illustrations.—By way of illustration only, and not

by way of limitation, the following are examples of

authentication or identification conforming with the

requirements of this rule:

41

Available Methods to Authenticate ESI, cont’d.

Rule 902: Self-Authentication: “Extrinsic evidence of

authenticity as a condition precedent to admissibility is

not required with respect to the following:”

Does not require the sponsoring testimony of any

witness

Opposing party may still challenge authenticity

Provisions most commonly used for ESI:

902(d): Official publications (e.g., Census Bureau)

902(g): Trade inscriptions (e.g. business e-mails)

42

Internet Website Postings/Social Media

901(b)(1): Witness with personal knowledge

901(b)(3): Expert testimony

901(b)(4): Distinctive characteristics

901(b)(7): Public records

901(b)(9): System or process capable of producing

a reliable result

902(5): Official publications

902(11): Business Records

43

Other Methods of Establishing Authenticity

Examples listed in Rules 901 and 902 are illustrative

only, not exhaustive

Court may hold that documents produced by a party

in discovery are presumed to be authentic, shifting the

burden to the producing party to show that the

evidence they produced was not authentic

Court may take judicial notice under Rule 201 of

certain foundational facts needed to authenticate an

electronic record

44

Other Approaches to Authenticity

Request opponent to admit the genuineness of the

evidence through CR 36 Requests for Admission

Make request at pretrial conference that opponent

agree to stipulate “regarding the authenticity of

documents”

Disclose electronic evidence in ER 904 pretrial

disclosures of documents; if opponent does not

object within 14 days, any authenticity objections

are waived

45

Deal with Authentication Early

Party’s own records

At time of collection, production

When identifying/interviewing witnesses

Subpoenas

Limited access and leverage on witnesses

Send form declarations

Use records depositions

Get stipulations

46

Use and Admissibility

Will you have the information to satisfy the authentication under 901 and 902

Key is security and access controls

Is there visibility into this for provider

Who at provider will execute a declaration required under authentication rules

Contract should provide for this support

Cloud Let’s The Issue

47

Jurisdiction

48

Where is your data?

Location of data may control conditions of

disclosure

EU & Other data protection laws could affect your

use and transfer of data

49

Can cloud computing affect personal jurisdiction?

Perhaps.

Forward Foods LLC v. Next Proteins, Inc, 873 N.Y.S.2d 511

(N.Y. Sup. Ct. 2008)

In furtherance of sale of business, defendant set up

“virtual data room” which made important documents

available to interested parties

Plaintiff utilized data room to view documents before

finalizing purchase

Purchased business underperformed, Plaintiff filed suit

Defendant moved to dismiss for lack of personal

jurisdiction

50

Forward Foods LLC v. Next Proteins, Inc.

Here, Defendants’ contacts with New York amount to a visit by Jason Stephens, Director of Health and Fitness sales channel, a virtual data room where Defendants uploaded documents for Emigrant to review in New York, and several emails containing additional documents sent to Emigrant in New York. It is undisputed that the meeting between Jason Stephens and Emigrant in New York did concern the sale of Defendants’ business to Plaintiff and that Defendants followed up on the meeting with additional emails to New York. Plaintiffs correctly argue that Defendants maintained sufficient contacts with the state of New York and have clearly transacted business within the state such that personal jurisdiction over Defendants under CPLR § 302(a)(1) would be appropriate.

* Case dismissed for forum non conveniens

51

Third-Party

Subpoenas

52

The Stored Communications Act: 18 U.S.C. § 2701 et seq.

Regulates disclosure of content and non-content information by two types of providers: Electronic Communication Service (ECS)

Remote Computing Service (RCS)

Regulations differ depending on provider type

Generally content will not be disclosed absent consent (who can give consent depends on provider) Other more rarely used exceptions may also apply

Civil subpoena is not an exception requiring disclosure: See e.g., Special Markets Ins. Consultants, Inc. v. Lynch, No. 11 C 9181, 2012 WL 1565348 (N.D. Ill. May 2, 2012)

Non-content information, however, may be disclosed pursuant to a subpoena

53

Seeking Content? Compel Consent (or Use Rule 34):

Flagg v. City of Detroit, 252 F.R.D. 346 (E.D. Mich. 2008)

Defendants alleged SCA prohibited any disclosure of content of text messages absent consent, which Defendant sought to withhold

Court ruled that City could be compelled to provide necessary consent for disclosure:

“In any event, even if Defendants are correct in their contention that SkyTel cannot produce any communications in this case without the “lawful consent” called for under § 2702(b)(3), the Court finds that the Defendant City has both the ability and the obligation to secure any such consent that the SCA may require.”

Courts analysis relied heavily on question of “control” pursuant to Rule 34 – Defendants had control of the content such that they could consent to disclosure

Court counseled that a Rule 34 request directly to a party was a more “straightforward path” and avoided many sticky questions under the SCA

54

Does control and consent analysis apply to non-parties? Yes.

Thomas v. Deloitte Consulting LP, 2004 WL 1372954 (N.D. Tex. June 14, 2004)

Defendant sought production of bank records from non-parties

Court ordered production of documents or authorization for bank to disclose:

Rule 45(a) requires a person served with a subpoena to produce all responsive, non-privileged documents in his “possession, custody or control.” FED. R. CIV. P. 45(a)(1)(C). This rule is broadly construed to encompass both actual and constructive possession. . . . CHS and FPI make no argument that they do not have a legal right to obtain bank statements and checks from Bank of America and Regions Bank. The court will require that they do so or, alternatively, execute authorizations to enable defendant to obtain these documents directly from the banks.

55

Criminal Investigations are Different:

Twitter v. Harris, 2011NY080152 (N.Y. Crim. Ct. 2012)

NY Court ordered production of content and non-content

information from Twitter

Held account owner did not have standing to quash Twitter

subpoena

No proprietary interest

No privacy interest

Production was ordered pursuant to 18 U.S.C. § 2703(d)

(court order): court order is available to “governmental

entities” under this provision

Despite objection, Twitter finally produced the materials after

being threatened with contempt and sanctions

56

Seeking Non-Content Information? Serve a Subpoena:

Achte/Neunte Boll Kino Beteiligungs GMBH & Co. v. Does

1-4577, 736 F. Supp. 2d 212 (D.D.C. 2010)

Court granted leave to serve Rule 45 subpoenas on ISPs

seeking to obtain “information sufficient to identify each

Defendant, including name, current (and permanent)

addresses, telephone numbers, email addresses and

Media Access Control addresses”

District Court denied subsequent Motion to Quash

brought by non-parties whose information would be

produced

57

Beluga Shipping GMBH & CO. KS “Beluga Fantastic” v. Suzlon

Energy, Ltd., 2010 WL 3749279 (N.D. Cal. Sept. 23, 2010)

Foreign party sought to compel emails and records related to accounts

of foreign cross-defendants

Google, based on inability to comply, sought to intervene

Court held contents of emails could not be disclosed without

subscriber’s consent and granted motion to intervene, but ordered

production of documents reflecting: when the accounts were created,

the names of the account holders as provided to Google, the countries

from which the specific email accounts were created

Google instructed to “preserve the snapshot of the emails in the

specific Gmail accounts set forth above” pending further showing of

consent by account holders

58

www.ediscoverylaw.com

2012

Cloud Computing E-Discovery Challenges Implications for Cloud Computing Contracts

October 24, 2012

Tanya L. Forsheit, Esq., CIPP/US Founding Partner, InfoLawGroup LLP

www.infolawgroup.com

tforsheit@infolawgroup.com

310.706.4121

SEGALIS PLLC

E-Discovery Implications for Cloud Computing Contracts

Contractual Considerations

• Searchability/Availability/Forensics

• Preservation/Integrity/Authentication

• Return and Secure Disposal

• Subpoenas, Control and Access

• Extended/Multi-Level Relationships

• Right to Conduct Forensic Exam

• Cross-Border Data Transfers

Sample Provisions 60

SEGALIS PLLC Searchability/Availability/Forensics

“Searchability” and availability of data in cloud

Forensic assessment (identifying, collecting and

preserving data) in cloud context

Metadata

61

SEGALIS PLLC

Preservation, Authentication and Data Integrity

For purposes of meeting evidence preservation

requirements, and discovery obligations in litigation and

government investigations, it may be important for a cloud

services contract to require that a cloud provider preserve

information and provide the customer with access to the

information in the form in which it is maintained in the

ordinary course of business, sometimes on short notice.

62

SEGALIS PLLC

Preservation, Authentication and Data Integrity (cont.)

Duplication/Replication Issues. You may have many extra

copies of data in many additional locations. This could increase

the scope of company preservation obligations (especially if

information is not disposed of pursuant to routine records

retention schedule).

Data Authentication and Integrity. If multiple copies are made

(without your knowledge), it may be difficult to ascertain which

is the “original” (also consider timing issues/server settings).

63

SEGALIS PLLC

Return/Disposal

Like other outsourcing agreements, cloud

contracts should provide for return and/or

secure disposal of the information in

accordance with the customer’s directions.

64

SEGALIS PLLC

Access-Extended/Multi-Level Relationships

Extended Cloud Relationships- Cloud providers use

other cloud providers

Ensure ability to access data when several levels

removed

Where is the data actually being stored, processed

and transmitted?

Has the “direct” cloud provider secured rights to

ensure that it can preserve/gather data?

65

SEGALIS PLLC

Cross-Border Data Transfers

What happens when the data resides in another country?

Conflicting EU Privacy Laws and Blocking Statutes

Contracts Insufficient to Address

Need Safe Harbor/Standard Contractual Clauses/BCRs

Still may not be able to process data for US discovery

66

SEGALIS PLLC

SAMPLE PROVISIONS

67

SEGALIS PLLC

Preservation, Return, and Secure Disposal of Information

“Service Provider shall preserve any information provided by

Customer to Service Provider, including but not limited to any

metadata, in accordance with Customer’s instructions and

requests, including without limitation any retention schedules

and/or litigation hold orders provided by Customer to Service

Provider, independent of where the information is stored

(specifically, and without limitation, even where such

information resides with or is held, processed or stored by a

service provider, sub-contractor, vendor, or other third party).”

68

SEGALIS PLLC

Preservation/Integrity, Return and Secure Disposal of Information (cont.)

“Service Provider shall take reasonable steps to ensure proper destruction (such that information is rendered unusable and unreadable) and return of information to Customer in a format requested by Customer and at Service Provider’s expense when it is no longer needed to perform services pursuant to the Agreement or [x] days following termination of the Agreement. Service Provider shall provide written certification that all such information has been returned and deleted.”

69

SEGALIS PLLC

Subpoenas, Control and Access “Service Provider shall cooperate with Customer in responding to any party, non-

party, or government request for information, including but not limited to

metadata, provided by Customer to Service Provider. In the event that such

requests are served on Customer, Service Provider shall provide Customer with

access to such information in the format in which it is maintained in the ordinary

course of business (or, on Customer’s request, with copies) within [x] hours of

receipt of any request by Customer for such access or copies. In the event that

such a request (in the form of a subpoena, order or otherwise) is provided to or

served on Service Provider, Service Provider shall notify Customer in writing by

electronic mail to [INSERT EMAIL ADDRESS] immediately and in no event more

than [x] hours after receiving the request, subpoena or order. Such notification

must include a copy of the request, subpoena or court order.” 70

SEGALIS PLLC

Subpoenas, Control and Access (cont.)

“Service Provider also shall immediately inform in writing the

third party who caused the request, subpoena or order to

issue or be provided or served on Service Provider that

some or all the material covered by the request, subpoena

or order is the subject of a nondisclosure agreement.”

“Service Provider shall cooperate with Customer in seeking

any protection from disclosure for such information that

Customer shall deem appropriate.”

71

SEGALIS PLLC

Authentication

“In the event that Customer is required to authenticate any of

the information, including without limitation metadata, provided

by Customer to Service Provider, Service Provider shall

cooperate with Customer in providing any requested

assistance with such authentication, including without

limitation testifying (by affidavit, declaration, deposition, in

court, or otherwise) as a custodian of records to authenticate

the information, establish chain of custody, and/or provide any

other requested information.”

72

SEGALIS PLLC

Want More?

Please feel free to contact:

Tanya L. Forsheit

tforsheit@infolawgroup.com

(310) 706-4121

73

2012

Cloud Computing E-Discovery Challenges Implications for Cloud Computing Contracts

October 24, 2012

Tanya L. Forsheit, Esq., CIPP/US Founding Partner, InfoLawGroup LLP

www.infolawgroup.com

tforsheit@infolawgroup.com