5. What steps can further manage risk after selecting a service?

Entering into a cloud project is a good reason to start a litigation readiness program if your organization does not already have one in place. Data placed on the cloud should be included in an ESI inventory, such as a data map, both to prevent the overlooking of the repository in the heat of litigation and to provide processes that can help ensure a more effective and economical collection effort. For example, in addition to identifying the existence of the cloud repository and its contents, the data map should also contain the specifics of how to collect and preserve data located on that service. If you have followed my advice and already figured this out before selecting a service, this step should be easy. The data map should also contain a copy of the service agreement, which as discussed above, is central to determining litigation-related obligations.

Should something unexpectedly go wrong during discovery, a consumer can use the data map as evidence of the reasonableness of its efforts, possibly preventing the most severe discovery sanctions.

There are many different types of cloud-based services, ranging from lower-cost offerings that generally provide less control to the consumer as to how and where data is stored and processed, to premium services that provide the consumer with a lot of control. The best way to manage an organization's risk is to select a cloud service that is appropriate for its intended applications in light of identified compliance risks, with the caveat that certain information does not belong in the cloud at all.

Nolan M. Goldberg is a senior associate in the patent group of New York-based Proskauer Rose LLP and a member of the Litigation Department's e-Discovery Task Force.