I read an interesting article not long ago by Mr. Michael Geist, a well-respected Canadian law professor, that got me thinking whether data stored in the cloud by Florida businesses is really secure. The article and Professor Geist’s impressive bio can be found at michaelgeist.ca/content/view/6755/125.
At an increasing pace, businesses around the globe are transitioning their data to cloud storage for a variety of reasons. On September 1, 2012, the Florida legislature enacted a set of comprehensive electronic discovery rules for civil cases that now allow parties in lawsuits to obtain electronically stored information (ESI) from other parties and even non-parties. Businesses can and should be taking steps now to ensure they can avail themselves of the safe harbor provisions of those Rules with data management and litigation hold plans prepared by and with their business counsel. The Law Office of David Steinfeld has several videos and articles on these plans on its website at http://www.davidsteinfeld.com for your reference.
Which brings us to the question of whether data is secure in the cloud and why this is important for every business to consider when selecting a cloud storage provider. In addition to protecting proprietary data and trade secrets of the business and ensuring access at all times, you should consider where the data is stored and what the policies of the storage provider are with regard to allowing third-party access.
Professor Geist’s article addressed the US Government’s efforts to obtain the cloud data of a company under investigation in a criminal case, but in civil discovery the standard that Judges apply is whether a business has possession, custody or control over certain data. While a business may not have physical possession or actual custody over ESI as it once did when paper documents were in a file cabinet at the business’s office, the choice to store ESI on servers hosted by another will most likely lead to a determination by a Court that the business at least has control over the data requiring production of the data if all other requisite elements are met.
Therefore, it is important for any business storing data in the cloud or migrating data to the cloud to consider the policies and procedures of the cloud provider and to understand when that provider may refuse access or allow third-party access to the business’s data.