This article presents a summary of certain notable rules, statutes, and common law principles and identifies some practical concerns pertinent to e-discovery in the cloud.
It is always difficult to appreciate the scope and volume of information that may be called for in litigation or in an investigation. The presence of corporate data in the cloud multiplies those considerations.
Rules and Statutory Considerations
The Federal Rules of Civil Procedure
Rule 26
The usual Rule 26 of the Federal Rules of Civil Procedure obligations extend to data stored in the cloud. Information stored in the cloud is electronically stored information or ESI.
As part of a party's initial disclosures under Rule 26(a)(1)(A), a party must "without awaiting a discovery request, provide to the other parties: ... (ii) a copy--or a description by category and location--of all documents, electronically stored information, and tangible things that the disclosing party has in its possession, custody, or control and may use to support its claims or defenses, unless the use would be solely for impeachment," including ESI held by a third-party cloud service provider. Similarly, a party must identify any cloud data as part of its pretrial disclosures/exhibit list under Rule 26(a)(3).
Parties to litigation can discover data in a party's possession, custody, or control that is located in a cloud just like they can discover any other ESI in a party's possession, custody, or control. "Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party's claim or defense--including the existence, description, nature, custody, condition, and location of any documents or other tangible things." (1) Unless the ESI is not "reasonably accessible" due to undue burden or cost (whether it resides in a cloud or elsewhere), it is subject to discovery. (2)
Rule 34
Under Rule 34 of the Federal Rules of Civil Procedure, a party may serve on any other party a request within the scope of Rule 26(b):
(1) to produce and permit the requesting party
or its representative to inspect, copy, test, or sample
the following items in the responding party's
possession, custody, or control: (A) any designated
documents or electronically stored information--including
writings, drawings, graphs, charts, photographs,
sound recordings, images, and other
data or data compilations--stored in any medium
from which information can be obtained either
directly or, if necessary, after translation by
the responding party into a reasonably usable
form. (3)
The requests should specify, among other things, the form or forms in which ESI is to be produced. (4)
Rule 34(b)(2)(A) provides 30 days to respond in writing to a document request. The response may state an objection to a requested form for producing ESI. If the responding party objects to a requested form--or if no form was specified in the request--the party must state the form or forms that it intends to use. (5)
In the absence of a stipulation or court order, a party must produce ESI in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms. (6)
Thus, barring a stipulation or court order, a party must produce ESI ordinarily stored or maintained in a cloud in the form in which it is ordinarily maintained in the cloud or in a reasonable usable form.
Rule 37
Of particular significance to companies that store ESI in the cloud, a court may not impose sanctions on a party for failing to provide ESI lost as a result of the routine, good faith operation of an electronic information system. (7) It remains to be seen, however, how a party might demonstrate that discoverable ESI was lost as the result of the routine, good faith operation of a cloud service.
Rule 45
A nonparty cloud service provider may be compelled to produce documents and tangible things or to permit an inspection pursuant to Rules 34(c) and 45. "A command in a subpoena to produce documents, electronically stored information, or tangible things requires the responding party to permit inspection, copying, testing, or sampling of the materials." (8) The issuing court may hold in contempt a nonparty cloud service provider that, having been served, fails without adequate excuse to obey the subpoena. (9)
A party seeking discovery from a nonparty cloud service provider must seek issuance of the subpoena from the court for the district in which the production or inspection is to be made (1 .e., the district in which the cloud service provider is located). (10) As under Rule 34, "[a] subpoena may specify the form or forms in which electronically stored information is to be produced," (11) and if a subpoena does not specify a form for producing data in the cloud, the responding nonparty cloud service provider must produce the ESI in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms. (12)
Under Rule 45(c)(2)(B), a nonparty cloud service provider may serve a written objection to inspecting, copying, testing, or sampling any or all of the materials or to inspecting the premises or to producing ESI. The objection must be served before the earlier of the time specified for compliance or 14 days after the subpoena is served. If an objection is made, the serving party may move the issuing court for an order compelling production or inspection.
The nonparty cloud service provider need not provide discovery of ESI from sources that it identifies as not reasonably accessible because of undue burden or cost. (13) A court might treat such claims of a cloud service provider with skepticism, however. On a motion to compel discovery or for a protective order, the cloud service provider bears the burden of demonstrating that the information is not reasonably accessible because of undue burden or cost. Even if the cloud service provider successfully makes such a showing, the court may nonetheless order discovery if the requesting party shows good cause. (14)
The Stored Communications Act
The Stored Communications Act, (15) part of the Electronic Communications Privacy Act (ECPA), regulates when an electronic communication service or a remote computing service provider may disclose the contents of and/or other information about a customer's emails to private parties. Obviously, the Stored Communications Act may have significant implications for cloud providers.
In United States v. Weaver, (16) a case involving child pornography charges, the court focused on the unique nature of Web (or cloud)-based email services. (17) With Webmail, a copy stored by the host in the cloud, in this case Microsoft Hotmail, might be the only copy, not just a backup. Therefore, the court found that the emails sought by the government were not in electronic storage and the government needed only a trial subpoena, not a warrant.
The Digital Due Process Coalition, a group including Microsoft, Google, AOL, eBay, Intel, Loopt, Salesforce. com, AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology, and the Computer and Communications Industry Association, is calling for revisions to ECPA (enacted in 1986), arguing that it is outdated and does not provide adequate protection of personal data stored in the cloud. Among other things, the coalition wants protections for data stored in the cloud to be as strong as protections for data stored locally on a computer and wants to revise the law to require law enforcement to obtain a search warrant to access private communications and the locations of mobile devices. Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has announced plans to hold hearings on potential revisions of ECPA.
Reasonable Expectations of Privacy and Attorney-Client Privilege
Parties storing data in the cloud and nonparty cloud service providers alike need to consider privacy and privilege issues in responding and/or objecting to discovery requests and subpoenas. This topic could occupy its own course. This article will highlight one recent case that explores these developing issues in detail and comes out on the side of protecting employee privacy and the attorney-client privilege.
Stengart v. LovingCare Agency, Inc., (18) involved the use by employee Marina Stengart of a company-issued laptop to exchange emails with her lawyer through her personal, password-protected, Web-based email account. Stengart filed an employment discrimination lawsuit against her employer, LovingCare Agency, Inc.
"In anticipation of discovery, LovingCare hired a computer forensic expert to recover all files stored on the laptop including the e-mails, which had been automatically saved on the hard drive. LovingCare's attorneys reviewed the e-mails and used information culled from them in the course of discovery." Interestingly, Stengart's lawyer demanded that his communications with Stengart, which he considered privileged, be identified and returned. LovingCare's counsel disclosed the documents to Stengart's lawyer but argued that the company had the right to review them. Stengart sought relief.
The trial court found that, as a result of LovingCare's written policy on electronic communications, Stengart waived the attorney-client privilege by sending emails on a company computer. The New Jersey Appellate Division reversed, holding that LovingCare's counsel violated New Jersey Rule of Professional Conduct 4.4(b) by reading and using the privileged documents. (19)
In a ruling based on the very particular factual circumstances of the LovingCare case, the New Jersey Supreme Court held that "Stengart could reasonably expect that e-mail communications with her lawyer through her personal account would remain private, and that sending and receiving them via a company laptop did not eliminate the attorney-client privilege that protected them." The court further found that, "[b]y reading e-mails that were at least arguably privileged and failing to notify Stengart promptly about them, LovingCare's counsel breached RPC 4.4(b)." The court remanded to the trial court to determine what, if any, sanctions should be imposed on counsel for LovingCare.
Yahoo! Webmail is a cloud service. LovingCare had access to those materials without a password because, "[u]nbeknownst to Stengart, certain browser software in place automatically made a copy of each web page she viewed, which was then saved on the computer's hard drive in a 'cache' folder of temporary Internet files. Unless deleted and overwritten with new data, those temporary Internet files remained on the hard drive." Thus, LovingCare easily found the information when its forensic expert reviewed the laptop for purposes of discovery in the litigation. "Among the items retrieved were temporary Internet files containing the contents of seven or eight e-mails Stengart had exchanged with her lawyer via her Yahoo account."
LovingCare's attorneys argued that Stengart had no reasonable expectation of privacy in files on a company-owned computer in light of the company's policy on electronic communications. That "Electronic Communication policy" was contained in LovingCare's "Administrative and Office Staff Employee Handbook." The policy at issue provided that LovingCare:
reserves and will exercise the right to review, audit,
intercept, access, and disclose all matters on the
company's media systems and services at any time,
with or without notice.... E-mail and voice mail
messages, internet use and communication and
computer files are considered part of the company's
business and client records. Such communications
are not to be considered private or personal
to any individual employee. The principal purpose
of electronic mail (e-mail ) is for company business
communications. Occasional personal use is
permitted; however, the system should not be used
to solicit for outside business ventures, charitable
organizations, or for any political or religious purpose,
unless authorized by the Director of Human
Resources.
The policy prohibited "[c]ertain uses of the e-mail system," including sending inappropriate sexual, discriminatory, or harassing messages, chain letters, "[m]essages in violation of government laws," or messages relating to job searches, business activities unrelated to LovingCare, or political activities. The policy provided that "'[a]buse of the electronic communications system may result in disciplinary action up to and including separation of employment.'"
In resolving the LovingCare matter, the New Jersey Supreme Court looked to both privacy and privilege concerns. The court found that, given the ambiguity of LovingCare's Electronic Communication Policy and the sanctity of the attorney-client privilege, Stengart "could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private."
Stengart had a subjective expectation of privacy because she "plainly took steps to protect the privacy of those e-mails and shield them from her employer. She used a personal, password-protected e-mail account instead of her company e-mail address and did not save the account's password on her computer." She had an objective expectation of privacy because the policy said nothing about such personal emails and her communications were protected by the attorney-client privilege:
The Policy does not address personal
accounts at all. In other words, employees do
not have express notice that messages sent or
received on a personal, web-based e-mail account
are subject to monitoring if company equipment
is used to access the account.
The Policy also does not warn employees that the
contents of such e-mails are stored on a hard drive
and can be forensically retrieved and read by LovingCare.
(Emphasis added).
The policy goes on to declare that emails "are not to be considered private or personal to any individual employee." In the very next point, the policy acknowledges that "[o]ccasional personal use [of email] is permitted." As written, the policy creates ambiguity about whether personal email use is company or private property.
The court identified a split in authority. Some jurisdictions have reached a similar conclusion that employees retain a reasonable expectation of privacy in similar factual circumstances.20 Other courts have found to the contrary, rejecting any expectation of privacy, especially when an employee uses a company email system.21 The LovingCare court did not deny employers the ability to restrict personal communications by employees using Web-based cloud services on company-owned computers. To the contrary:
Companies can adopt lawful policies relating to
computer use to protect the assets, reputation, and
productivity of a business and to ensure compliance
with legitimate corporate policies. And employers
can enforce such policies. They may discipline
employees and, when appropriate, terminate them,
for violating proper workplace rules that are not
inconsistent with a clear mandate of public policy.
There are limits, however, and the court signaled that an employer cannot enforce a policy that prohibits all personal communications and reserve the right to read attorney-client communications:
[E]mployers have no need or basis to read the
specific contents of personal, privileged, attorney-client
communications in order to enforce corporate
policy. Because of the important public policy
concerns underlying the attorney-client privilege,
even a more clearly written company manual-that
is, a policy that banned all personal computer
use and provided unambiguous notice that an
employer could retrieve and read an employee's
attorney-client communications, if accessed on
a personal, password-protected e-mail account
using the company's computer system-would not
be enforceable.
We can expect to see much more litigation and discovery involving employee use of cloud services, including Webmail, social networking, and mobile devices, in the years to come.
Cross-Border Discovery: EU Member Country Laws Promulgated Pursuant to the EU Data Protection Directive and Foreign Blocking Statutes
The broad discovery permitted under the Federal Rules of Civil Procedure often conflicts with European Union member country privacy laws promulgated pursuant to the EU Data Protection Directive (22) as well as foreign blocking statutes. (23) A detailed analysis of cross-border discovery problems is beyond the scope of this article. (24)
It is sufficient to note that courts in the United States sometimes disregard foreign blocking statutes or data privacy laws when it comes to discovery under the Federal Rules of Civil Procedure. Alternatively, US courts may employ the following test from the Restatement (Third) of Foreign Relations Law:
[T]he importance of the documents or information
requested to the litigation; (2) the degree of specificity
of the request; (3) whether the information
originated in the United States; (4) the availability
of alternative means of retrieving the information;
and (5) the extent to which noncompliance with
the request would undermine important interests
of the United States, or compliance with the
request would undermine the important interests
of the state where the information is located.
The conflict between US discovery rules, on the one hand, and foreign privacy laws and blocking statutes, on the other hand, may be even more pronounced in the cloud, where cloud users may not even know where data resides, and cloud service providers may transfer data to new locations without disclosure to a customer. Thus, contractual protections, negotiated well in advance, have even greater significance.
Practical Considerations for Discovery in the Cloud
Preservation/Retention/Disposal
Numerous statutes and regulations, federal and state, including but not limited to tax, securities, SOX, and employment regulations, mandate that different categories of documents be maintained for certain periods of time. Making matters more complicated, numerous additional regulations require that information that is no longer needed for a business or legal purpose be destroyed such that it cannot be read or reconstructed (see, e.g., the FACTA data disposal rule and state data disposal laws).
In addition, organizations must put in place litigation holds pursuant to their duty2 5 to preserve relevant evidence if they are sued or reasonably anticipate litigation or an investigation. "The obligation to preserve evidence arises when the party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation."26
Needless to say, data preservation, retention, and disposal obligations extend to data in the cloud. One of the unique attributes of the cloud is the ability to quickly and inexpensively replicate data for backup and disaster recovery purposes. Cloud users may not even realize how many copies of their data exist in a cloud environment.
Records Retention Policies
Organizations often have records retention policies and procedures in place to promote accessibility of information, protect sensitive information, and reduce the costs associated with storage of data that no longer serves any business or legal purpose. Those policies and procedures often call for the routine elimination of electronic information when it has outlived its business purpose and is no longer required to be retained for any legal reason.
Organizational records retention policies and procedures also address the need to suspend routine disposal and recycling of information in the event of a litigation hold requiring the ongoing preservation of certain categories of data that may be relevant to current or future litigation. Cloud users should incorporate cloud data into records retention policies, data maps, litigation holds, and disposal procedures.
Litigation Holds
Further, in the event of a litigation hold, a cloud user may need to take special steps (via contract or otherwise) to ensure that data in the cloud, which may be continuously replicated and/or overwritten, is preserved in a forensically sound manner. If data is already subject to a litigation hold, potential users of the cloud should evaluate whether such data should be placed in the cloud in the first instance.
The Rule 26 Conference
Parties must be prepared to discuss cloud data at the Rule 26 conference. Under Rule 26(f)(1) of the Federal Rules of Civil Procedure, "the parties must confer as soon as practicable--and in any event at least 21 days before a scheduling conference is to be held or a scheduling order is due under Rule 16(b)." Among the many things that must be discussed at the conference are the disclosures required by Rule 26(a)(1) and any issues about preserving discoverable information.87 In addition, the parties must develop a proposed discovery plan at the Rule 26 conference. The parties must then submit to the court, within 14 days of the conference, a written report outlining the discovery plan.
The written discovery plan must include the parties' views and proposals on, among other things, "the subjects on which discovery may be needed, when discovery should be completed, and whether discovery should be conducted in phases or be limited to or focused on particular issues" and "any issues about disclosure or discovery of electronically stored information, including the form or forms in which it should be produced."28 The Rule 26 written discovery plan must address discovery of data stored in any cloud, just like all other ESI.
Control/Access/Collection
Who has control of data in the cloud? The data owner does. Ordinarily, that will be the organization that is putting data in the cloud, not the cloud provider. Both users and providers of cloud services should carefully review and negotiate the terms of agreements to specify who technically owns the data in the cloud, however.
Agreements should also address how the cloud user and cloud provider will cooperate in responding to party or nonparty discovery requests. The agreement should address the following questions, among others:
* In the event of a Rule 34 request to the cloud user, how will the cloud user access the data in the cloud?
* How quickly will the cloud user be able to access the data in order to review it for discovery purposes?
* In the event of a subpoena to a nonparty cloud provider, how will the cloud provider respond?
* Will the cloud provider notify the cloud user, and how quickly?
* Will the cloud provider seek a protective order to prevent and/or limit the disclosure of the cloud user's data?
* Is the cloud provider legally required to turn over the data and/or prohibited from doing so under the Stored Communications Act or other statutes?
Metadata
Of course, litigants may also discover metadata. Almost inevitably, ESI in the form in which it is ordinarily maintained will contain metadata. Cloud users responding to Rule 34 requests need to determine in what form they will produce ESI in the cloud. They also need to consider, in advance, the potential need for special protections and objections with respect to that cloud metadata; it may be too late to consider such objections once the cloud data review is underway. Further, cloud providers (and users alike) need to consider the possibility that certain metadata will reside only with the cloud provider and how that affects the parties' discovery obligations (especially if the cloud provider might be considered the data owner for purposes of that metadata).
Admissibility
The flipside of the explosion of case law and commentary addressing e-discovery over the past several years, particularly since the amendments to the Federal Rules in late 2006, is the stunning lack of case law addressing admissibility of ESI. US Magistrate Judge Paul W. Grimm gave extensive attention to those issues, however, in Lorraine v. Markel Am. Ins. Co.29 Lorraine was an unlikely candidate to spawn a 100-page opinion on authentication of electronic evidence; it involved a yacht struck by lightning. Judge Grimm, however, clearly disappointed by the parties' failure to authenticate even basic emails (they were simply attached to the parties' motions as exhibits), took the opportunity to provide much needed guidance.
Judge Grimm's guidelines, going back to basics, are well worth a read. Like any other litigant purporting to introduce ESI as evidence, a litigant introducing cloud data must be able to demonstrate that the ESI is relevant and authentic, that it is not precluded by the hearsay rule (or fits within one of its exceptions) or the best evidence rule, and that its probative value is not substantially outweighed by the danger of unfair prejudice. As noted by the court in Lorraine:
Whether ESI is admissible into evidence is determined
by a collection of evidence rules that present
themselves like a series of hurdles to be cleared
by the proponent of the evidence. Failure to clear
any of these evidentiary hurdles means that the
evidence will not be admissible. Whenever ESI is
offered as evidence, either at trial or in summary
judgment, the following evidence rules must be
considered: (1) is the ESI relevant as determined
by Rule 401 (does it have any tendency to make
some fact that is of consequence to the litigation
more or less probable than it otherwise would be);
(2) if relevant under 401, is it authentic as required
by Rule 901(a) (can the proponent show that
the ESI is what it purports to be); (3) if the ESI
is offered for its substantive truth, is it hearsay as
defined by Rule 801, and if so, is it covered by an
applicable exception (Rules 803, 804 and 807); (4)
is the form of the ESI that is being offered as evidence
an original or duplicate under the original
writing rule, or if not, is there admissible secondary
evidence to prove the content of the ESI (Rules
1001-1008); and (5) is the probative value of the
ESI substantially outweighed by the danger of
unfair prejudice or one of the other factors identified
by Rule 403, such that it should be excluded
despite its relevance.
Litigants may find a number of these evidentiary hurdles particularly challenging when it comes to cloud data, especially authenticity and hearsay. The proponent of even an email, blog post, IM, tweet, or other communication that resides only in the cloud may need to secure declarations, deposition testimony, or even live testimony of the author(s), the recipient(s), the data custodian, and/ or the cloud provider itself. The same analysis must be considered for each and every such communication.
Cost
The costs associated with any e-discovery can be substantial. In the absence of well-drafted agreements between cloud users and providers, the presence of data in the cloud can only exacerbate those e-discovery costs. The parties to a cloud services agreement must determine which party will cover the costs associated with preserving, accessing, collecting, reviewing, and establishing admissibility of data in the cloud. Parties considering use of the cloud for certain kinds of data should evaluate whether the cost savings associated with using the cloud for that particular purpose outweigh the costs associated with processing data for discovery purposes if and when that becomes necessary.
Notes
(1.) Fed. R. Civ. P. 26(b)(1).
(2.) Fed. R. Civ. Proc. 26(b)(2)(B).
(3.) Fed. R. Civ. Proc. 34(a)(1)(A).
(4.) Fed. R. Civ. Proc. 34(b)(1)(C).
(5.) Fed. R. Civ. Proc. 34(b)(2)(D).
(6.) Fed. R. Civ. Proc. 34(b)(2)(E)(2).
(7.) Fed. R. Civ. Proc. 37(e).
(8.) Fed. R. Civ. Proc. 45(a)(1)(D).
(9.) Fed. R. Civ. Proc. 45(e).
(10.) Fed. R. Civ. Proc. 45(a)(2)(C).
(11.) Fed. R. Civ. Proc. 45(a)(1)(C).
(12.) Fed. R. Civ. Proc. 45(d)(1)(B).
(13.) Fed. R. Civ. Proc. 45(d)(1)(D).
(14.) Fed. R. Civ. Proc. 45(d)(1)(D).
(15.) 18 U.S.C. [section][section] 2701, et seq.
(16.) United States v. Weaver, 636 F. Supp. 2d 769 (C.D. Ill. 2009).
(17.) The Weaver court noted that Microsoft, in providing Hotmail, is both an "electronic communications service" and a provider of a "remote computing service" under the Stored Communications Act.
(18.) Stengart v. LovingCare Agency, Inc., 990 A.2d 650 (N.J. Mar. 30, 2010).
(19.) Rule 4.4(b) states that "[a] lawyer who receives a document and has reasonable cause to believe that the document was inadvertently sent shall not read the document or, if he or she has begun to do so, shall stop reading the document, promptly notify the sender, and return the document to the sender."
(20.) See, e.g. , National Economic Research Associates v. Evans, 21 Mass. L. Rptr. No. 15, at 337 (Mass. Super. Ct. Sept. 25, 2006) (employee used a company laptop to send and receive attorney-client communications by email using his personal, password-protected Yahoo account and not the company's email address); In re Asia Global Crossing, Ltd., 322 B.R. 247, 257 (Bankr. S.D.N.Y. 2005) (four-part test to "measure the employee's expectation of privacy in his computer files and email": (1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee's computer or email, (3) do third parties have a right of access to the computer or emails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies); Convertino v. US Dep't of Justice, 674 F. Supp. 2d 97 (D.D.C. Dec. 10, 2009) (finding reasonable expectation of privacy in attorney-client emails sent via employer's email system); Curto v. Medical World Communications, Inc. , 99 Fed. Empl. Prac. Cas. (BNA) 298 (E.D.N.Y. May 15, 2006) (employee working from a home office sent emails to her attorney on a company laptop via her personal AOL account).
(21.) See, e.g., Smyth v. Pillsbury Co., 914 F. Supp. 97, 100-101 (E.D. Pa.1996) (finding no reasonable expectation of privacy in unprofessional emails sent to supervisor through internal corporate email system); Scott v. Beth Israel Med. Ctr., Inc., 17 Misc. 3d 934, 847 N.Y.S. 2d 436, 441-443 (N.Y. Sup. Ct. 2007) (finding no expectation of confidentiality when company email used to send attorney-client messages).
(22.) Processing (i.e., collection, organization, storing, retrieving, holding, using, consulting, disclosure, transmission, copying, and/or making available) of personal information of EU residents (broadly defined as any information relating to an identified or identifiable natural person or "data subject") for purposes of US discovery is not permitted under EU member country privacy laws.
(23.) In late 2007, France convicted a lawyer for violating its blocking statute in connection with discovery.
(24.) The Article 29 Working Party of the European Commission has explored the issues in its Working Document 1/2009 on pre-trial discovery for cross border civil litigation (European Commission, Working Document No. WP 158, 2009).
(25.) See, e.g., Zubulake IV, Zubulake v. UBS Warburg LLC, 220 F.R.D. 212 (S.D.N.Y. 2003).
(26.) Zubulake IV, 220 F.R.D. at 216.
(27.) Fed. R. Civ. Proc. 26(f)(2).
(28.) Fed. R. Civ. Proc. 26(f)(3)(B) & (C).
(29.) Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534 (D. Md. 2007).
Tanya L. Forsheit is one of the founding partners of the InformationLawGroup, based in Los Angeles, CA. Tanya founded the InformationLawGroup after 12 years as a litigator and privacy/data security counselor at Proskauer Rose LLP, where, most recently, she was co-chair of the firm's international privacy and data security practice group. In 2009, Tanya was named one of the Los Angeles Daily Journal's Top 100 women litigators in California.
Source Citation
Forsheit, Tanya L. "E-discovery involving cloud facilities." The Computer & Internet Lawyer 27.12 (2010): 1+. General OneFile. Web. 23 Nov. 2010.
Document URL
http://find.galegroup.com/gps/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T003&prodId=IPS&docId=A242509633&source=gale&srcprod=ITOF&userGroupName=22054_acld&version=1.0
Gale Document Number:A242509633
No comments:
Post a Comment