> Now, they could make some crazy play to extend discovery to Google or Atlassian ... Discovery is often used as a tool of attrition, to wear down the guy with the smaller wallet
Not that crazy. If the data exists, the fact that it's on a cloud vendor's backup tape is your problem.
On a technical level, I can understand your concerns. I am a developer, and it took me some time to get my head around how it works. But, the bottom line is -- it IS that crazy.
Discovery isn't what you would think from popular culture ... if you served my company with discovery request, "we" (all the lawyers and companies) would have a meeting about it -- you would want to extend your grasp, we would look to shrink it. Most of the time, you would end up with something like "All emails about 'blue paint' between April 2011 and March 2012". Then it is up to ME and my company to find all those emails and provide them to you. Even knowing my email provider would likely be outside the scope. Discovery isn't to FIND a civil issue, it is to find evidence of one already filed issue, so fishing is explicitly not allowed.
Corporate policies are a huge part of the discovery process, what makes it hellish is when you have NO policy around something (like email) because then you have to provide data or prove you don't have it. Our proof is our policy and technical measures.
Our lack of recording data (logging) IS our record management strategy (and a wholly valid one) that massively reduces our costs if we ever get sued.
The "cloud vendor's backup tape" is largely a straw man brought up by engineers rather than lawyers, I think I may have been guilty of bringing it up prior to learning about the discovery process.
It's more expensive and more complicated, but it's not crazy.
To quote the article "Stay tuned – this is a fight that will happen over and over again, and there will be more guidance provided by the courts in the coming years."
As long as the data exists, there's a very real risk someone is going to want it. If it's managed by an off-the-shelf SaaS vendor, where and how that data exists is entirely outside your control.
That article basically agrees with me. Additionally -- notice how it doesn't point to explicit existing examples, but implies "future problems" -- as did the 2006 article.
"In the vast majority of cases, cloud data that is accessible by the end-user will meet discovery needs and obligations."
and
(regarding going after cloud providers) "Serving a subpoena and ensuring compliance can be challenging and potentially expensive. Whether such efforts are worth the expense and effort will depend on the specific needs of each case. Cloud providers are likely to resist compliance with a subpoena under provisions of Title II of the Electronic Communications Privacy Act, otherwise known as the Stored Communications Act (“SCA”)."
Additionally, a director at http://tsemerge.com/ is hardly an unbiased reality oriented 3rd party. The more scared you are -- and the more complex it seems -- the more likely you are to hire them.
As for "Cloud providers are likely to resist", I dare say what's more likely to resist is controlling your own data and simply not having it stored anywhere in the first place.
Not that crazy. If the data exists, the fact that it's on a cloud vendor's backup tape is your problem.
http://searchcio.techtarget.com/report/Avoid-lawsuit-nightma...