Opinion: 5 legal questions to ask before entering the cloud


2. Will it be easier for a litigant to discover our data on the cloud?

When an organization uses a cloud computing service, it is potentially creating an additional source of access to its data. A litigation opponent could, in certain cases, seek the discovery of the organization's data (or information relating to that data, such as log files) directly from the cloud provider. In most cases, such a request may be objectionable as more properly served upon the consumer of the cloud services. However, a direct discovery request or subpoena to the cloud vendor might be the only way to discover certain information that cannot be obtained through the consumer. For example, certain metadata relating to a consumer's documents may be under the control of the vendor, and not the consumer, under the terms of the service agreement.

The consumer can contractually obligate the vendor to notify it should the vendor receive a request or subpoena for the consumer's data. It might also be a good idea to obligate the vendor either to directly resist the request for the data, to give the consumer an opportunity to resist the request, or at least to protect and data that is turned over with appropriate confidentiality restrictions.

3. How do we preserve the value of information placed onto the cloud?

The value of some data placed onto the cloud can be diminished if proper technological and contractual controls are lacking, resulting in the data being impermissibly exposed to a third party. Examples of such data are trade secrets and privileged communications.