DOMAIN 3 - DATA CUSTODY, PRESERVATION & COLLECTION Flashcards
The obligations of the cloud service provider as cloud ________ with regard to the production of information in response to legal process is an issue left to each jurisdiction to resolve.
data handler
In these circumstances, the application and environment will likely be outside the control of the client and require that a ________ or other discovery process be served on the provider directly.
subpoena
As such, clients need to account for the potential additional time and expense this limited access will cause. To the extent the customer is able to _________ or supplement the cloud service agreement, this issue could be addressed ahead of time.
negotiate
Depending on the cloud service and deployment model that a client is using, _________ in the cloud
can be similar to ________ in other IT infrastructures, or it can be significantly more complex.
preservation
In the United States, a party is generally obligated to undertake reasonable steps to prevent the destruction or modification of data in its possession, custody or control that it knows, or reasonably should know, is relevant either to pending or reasonably anticipated litigation or a government investigation. (This is often referred to as a _________ on document destruction.)
“litigation hold”
In the European Union, information preservation is governed under Directive ______ of the European Parliament and of the Council of 15 March 2006
2006/24/EC
A requesting party is entitled only to data hosted in the cloud that contains, or is reasonably calculated to lead to, relevant, probative information for the legal issue at hand. The party is not entitled to all the data in the cloud or in the application.
Scope of Preservation
The burden of preserving data in the cloud may be relatively modest if the client has space to hold it in place, if the data is relatively static, and if the people with access are limited and know to preserve the data. However, in a cloud environment that programmatically modifies or purges data, or one where the data is shared with people unaware of the need to preserve, preservation can be more difficult.
Dynamic and Shared Storage
Because of the potential lack of __________ a client has over its data in the cloud, collection from the cloud can be more difficult, more time-consuming and more expensive than from behind a client’s firewall.
administrative control
Access and Bandwidth: In most cases, a client’s access to its data in the cloud will be determined by its ________.
SLA
Note that FRCP _______ excuses a litigant who is able to show that the information requested is not reasonably accessible
26(b)(2)(B)
Forensics: Bit-by-bit imaging of a cloud data source is generally difficult or impossible. For obvious security reasons, providers are reluctant to allow access to their hardware, particularly in a ________ environment where a client could gain access to other clients’ data.
multitenant
A client subject to a discovery request should undertake reasonable steps to validate that its collection from its cloud provider is complete and accurate, especially where ordinary business procedures for the request are unavailable and litigation-specific measures are being used to obtain the information.
Reasonable Integrity
Due to differences in how data is stored, and the access rights and privileges available to the owner of the data, there are cases where a cloud customer may not be able to access all their data stored in a cloud
Limits to Accessibility
Some __________ may not be able to provide direct access, because the hardware and facilities are outside its possession, custody or control, and a requesting party would need to negotiate directly with the provider for such access.
cloud providers