eDiscovery in the Cloud

It is a known fact that cloud computing can enable your law firm to do more with fewer resources and expand your capabilities. With the cloud, you will have access to the processing power that can fuel traditional productivity applications, presentation development, personnel management, and even sophisticated business applications, such as content management, sales automation, and more.

Even the federal government agencies that are known to have a conservative approach toward new technologies are now leveraging the power of the cloud. In order to avoid duplication and provide significant savings, the Federal Risk and Authorization Management Program (FedRAMP) standardizes the security assessments of Cloud services and products across all government entities. It is clear that cloud computing is now a widely-accepted solution in mid-sized and large-sized law firms. If you are planning to migrate to the cloud, there are some things that you have to focus on.

When it comes to eDiscovery, it poses quite a few challenges for law firms and any organization that must ensure that its ESI complies with the eDiscovery law requirements. One of the most significant challenges is collecting, storing, and managing a large volume of diverse data, its history, and metadata. Since a lot of data is created on in-cloud applications and mobile devices, it might not be captured by your tools. 

The ESI corpus might stay dormant for a long time, but when needed, it can be restored easily and reliably. However, in order for this to happen, you need resources capable of processing and analyzing the ESI. You need special infrastructures to fulfill the requirements of eDiscovery. 

With eDiscovery in the cloud, you will be able to address these challenges. It will automate the eDiscovery process and offer less error-prone and more robust eDiscovery compliance. You will also benefit from the costs of reduced data storage. Moreover, when you need data outside the organization, cloud computing can make it easier for you to access this information. Your law firm will be able to streamline your analysis and review workflows. The stakeholders can decrease the data center footprints and benefit from the on-demand scalability and elasticity offered by the cloud.

The Misconception of Cloud-Based Security Risks

From Cloud Data Collections to Hosting

There is a common perception that cloud-based systems have greater security risks compared to traditional systems. However, the truth is that the cloud is the more secure option. eDiscovery software vendors have to undertake the arduous task of getting their security certifications. They invest a lot of money and time in security development and have teams specifically dedicated to improving network security. 

So, when you decide to use a cloud based eDiscovery software, you will gain access to their cloud security and eDiscovery resources without creating and maintaining it yourself. And security benefits are not the only advantage of adopting a cloud based eDiscovery solution. It will also streamline your review process and reduce costs.

Factors to Consider When Transitioning to the Cloud

The cloud computing benefits, such as time and cost-saving advantages, are quite powerful. However, the risks involved with cloud computing shouldn’t be underestimated. Since there are legal issues involved, it is important to address these risks and gain knowledge about these hidden issues. The eDiscovery process is a vulnerable situation for law firms as well as clients since it encompasses data security, business continuity, compliance, and cross-border legality. So, in order to have a seamless transition to cloud, it is crucial to consider certain factors, including:

Section Image

Information governance policies cover procedures used for classifying, retaining, and collecting data. As per the Federal Rules of Civil Procedure (FRCP), a party to litigation is expected to preserve and be able to produce electronically-stored information that is “in its possession, custody or control.” With cloud computing, you will be able to add an additional layer to the process involved in preserving, collecting, and producing ESI. 

Your IT team and compliance officers must work together to ensure that all the procedures, policies, and technologies in place safeguard any privileged or confidential information. You must formulate a plan that outlines the policies to preserve ESI, especially when legal holds are issued during eDiscovery. All the data pertaining to the litigation, investigation, inquiry, or dispute must be protected. 

It is important to note that procedures you must comply with might vary per the industry requirements, for example, PCI-DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and Sarbanes-Oxley. 

In order to manage the costs associated with achieving compliance measures, it is imperative to develop sound information governance policies, user education, and other key measures. It will allow your law firm as well as your clients to respond to eDiscovery requests effectively.

Information Governance and Litigation Preparedness

Section Image

Instances of online security breaches have become a common occurrence. And even though security is considered to be a key barrier to cloud computing adoption, not many leaders recognize cloud security and eDiscovery as one of their responsibilities. It is crucial to bridge this gap through a robust security program. It will include data encryption, firewall, access controls, intrusion detection, perimeter scanning, and more. In order to facilitate this, you must limit access permissions to users and systems involved in the production, processing, review, and hosting of the data. This restriction of access extends to eDiscovery specialists, litigation support, paralegals, and system or database administrators.

Security and Data Protection

Section Image

The location of stored data significantly impacts the eDiscovery process. While you evaluate different cloud providers, you must consider the physical location of the data. You have to figure out whether the cloud involves shared pools of storage capacity or dedicated storage area networks. Private cloud storage is usually dispersed throughout the world in different geographical locations. So, in order to manage their internal capacity, the data-hosting provider might shift your data to anywhere in the world. 

This might be advantageous for capacity management but also exposes you to liability because you won’t know about the unknown data copies. It compromises your ability and your client’s ability to respond to eDiscovery requests, adhere to data security laws and produce ESI.

Storage and Privacy Issues

Section Image

After addressing the data storage and security issues, you should focus on data integrity, which involves identifying, preserving, collecting, and destructing the data. The first thing you have to focus on is the electronically stored information (ESI) source. 

It’s important to note that ESI isn’t just some e-files stored on your servers. It can also refer to cloud emails, cloud data storage, social media, SaaS applications, personal devices, and any system that the cloud provider hosts. Now, this adds another level of complexity and technology hurdles. Data sources like online messaging or extensible mark-up language (XML) based documents are in a dynamic state and change via continuous user interaction. This presents quite a challenge as your client might have to testify defensibly that the data and metadata weren’t subjected to spoliation at any given point in time. Spoliation here refers to the failure to preserve evidence or its willful destruction. 

You or your clients might also have to assure the data integrity of their cloud-based data sources. All the evidence must be kept intact, including the emails, files, and underlying metadata. With a cloud based eDiscovery software such as Casepoint, you can collaborate safely and reduce data transfers. You will be able to preserve data to avoid spoliation and not be liable.

Data Integrity

Section Image

In order to transfer data from its collection point to the stage where it is used for eDiscovery review, it’s crucial that data and metadata remain intact. In typical eDiscovery data loads, load files containing “tagging” information and metadata are used. Tagging information is the field value coded to provide categorization and additional context. However, technical issues in the cloud, such as security breaches, DNS incidents, or security failures, won’t give you a free pass when opposing counsel or regulatory bodies request data production in accordance with the guidelines. When looking for a cloud provider, make sure that it protects privileged information proactively. A single preventative step that you take today can protect your client in the future.

Discovery Review and Production

Section Image

This is another crucial factor to consider. When taking a look at the written contract with the cloud service provider, make sure that it contains provisions protecting you and your clients in key areas—data integrity, security, business continuity, and data integration. 

Just like it is with any legal contract, you must review the language as thoroughly as you can. Don’t forget to take a look at the “fine print”, as it can surprise legal and IT professionals as well. Make sure that your cloud service provider has communicated everything in clear and concise terms, especially what will happen in the event of a data-loss incident or security or contact breach. It should provide assistance and a system to transfer and extract the information in a format that can be used for the eDiscovery process.

 Another area to focus on is business continuity, which includes getting back online and getting the data back after a security breach. You should also take a look at the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO refers to the time taken to restore the operations after an outage, while RPO refers to the time taken to address the data loss or restore the client data. Your legal and IT team must work together to create a contingency plan in case there is a prolonged service disruption.

Cloud Service Providers and Contracts


If you are able to leverage the power of cloud computing, you will be able to enjoy significant efficiency and business benefits. Implementing best practices can further increase cloud computing potential in the legal industry, especially for the eDiscovery process. With a cloud based eDiscovery software such as Casepoint, you will have access to a mature platform that has been innovating its technology for the past decade.