Parties to litigation are typically required to identify, preserve, retrieve, review and produce electronically stored information (ESI) within their control that is potentially responsive to the matter. The time frames for fulfilling these discovery requirements are often short, and courts have shown little patience for companies that fail to meet their discovery obligations. An excuse that “the data is on an outsourcing provider’s systems” will likely fall on deaf ears as courts continue to issue discovery sanctions for noncompliance that range from negligence to willful misconduct.

These sanctions can include monetary fines, adverse inference instructions, dismissal of the suit or default judgment or, sometimes, a combination of penalties. For example, in Victor Stanley, Inc. v. Creative Pipe, Inc., 269 F.R.D. 497 (D. Md. 2010), a federal court in Maryland found that the defendant had engaged in a willful bad faith discovery violation, including the failure to implement a litigation hold, attempted and actual deletion of ESI and misrepresentations regarding the completeness of discovery. The court recommended a default judgment and a permanent injunction as to plaintiff’s copyright claim. It also ordered monetary sanctions and that the president of Creative Pipe be jailed for not more than two years unless and until the award of attorneys’ fees and costs was paid.

To protect themselves, companies need systematic, reasonable and defensible electronic discovery and records management programs designed to comply with discovery obligations. These programs can reduce the need to conduct costly or inefficient fact-gathering in response to discovery requests and provide defenses to claims of improper destruction, or spoliation, of evidence. Further, having an effective and updated records management policy, program and retention schedule will enhance a company’s efforts to achieve proper data management—a key factor in minimizing discovery costs and mitigating the risk of sanctions.

A company that outsources its ESI to a third-party provider generally has the same obligations to preserve and produce relevant data that it would have if that data was on the company’s own equipment and premises. In fact, a company may face heighted risk because a subpoena or discovery request may go directly to the third party. This article describes how a company can use contractual provisions to effectively manage its ESI remotely and to ensure compliance with its discovery obligations.

Preserve Your Privileges

As a general matter, if your service provider has access to data that may fall within the attorney-client or work-product privileges, consider adding specific clauses to the contract to protect any ESI that you have identified as potentially privileged. For example, the contract could provide for additional restrictions on disclosure, data tagging or segregation of potentially privileged information.

If you cannot specifically identify privileged information, consider using a broad brush approach, such as requiring that the provider treat all communications to or from your corporate law department as potentially privileged. Or, if you are not aware of any particular privileged information, consider obtaining an option in your contract to designate information as protected at a later time. You may even agree to accept additional charges for such later-requested additional security.

Create a Litigation Response Plan

If your service provider will store ESI that may be subject to preservation or production requests, consider contractually requiring the provider to engage in developing and implementing a joint litigation response plan. Such a plan might involve, for example:

  • A list of responsibilities for preserving ESI that can be identified with reasonable certainty, and which might be described in any preservation or production request, and for providing prompt notification of any technical or other limitations that would prevent fulfillment of the preservation or production request.
  • Participation in periodic meetings to discuss and update litigation response policies and procedures.
  • Appointment of an experienced legal information management representative by the service provider to manage production and preservation activities.

Provide Your Service Provider with a Litigation Requirements Notice

When litigation that has been filed, or is reasonably anticipated, relates to ESI possessed by your service provider, consider sending your provider a copy of the litigation hold notice that describes in reasonable detail all items to be preserved. Ask your provider to promptly contact you with any questions or concerns related to the notice and to provide you with any additional information you or the provider may need to more clearly determine the scope of the request.

Generate Information for Legal Proceedings

As litigation progresses, there are additional activities that you might want your service provider to undertake, for example:

  • Cost estimates for the preservation and/or production of data
  • Descriptions of systems, data, media and processes utilized by the provider
  • Reports, declarations and affidavits from provider personnel
  • Explanations of why preservation or production of certain documents is infeasible or impossible in certain circumstances

Regardless of the responsibilities assigned to your service provider—whether related to preservation and production of ESI or to trial proceedings—it is recommended that you request your service provider to document in writing all steps taken to fulfill its obligations. This documentation helps ensure that your company’s requests are carried out in full. It also provides evidence of your company’s diligent actions to comply with preservation obligations and discovery requests should your efforts come under scrutiny.

Third-Party Data Requests

Opposing parties may request or demand access to your ESI directly from one of your service providers. There is a risk that a provider might provide ESI that should not be delivered to the opposing party.  You can reduce that risk by including in your agreement or litigation response plan requirements that the provider:

  • Immediately contact a company representative upon receipt of any request or subpoena by third parties for corporate ESI possessed by the provider and, to the extent legally permissible, forward a copy of the request or subpoena to the company;
  • Meet and confer with the company prior to responding to the third party(ies);
  • Tender responsibility for responding to the request to the company, and assist with any responses; and
  • Take all commercially reasonable steps to preserve the company’s legal rights in connection with any response in the event the provider is barred from notifying the company of the request.


Having litigation response plans and including contractual obligations in service contracts can allow your company to handle discovery requirements faster, more effectively and with reduced risks and expenses when some or all of your data is managed by outsourced, or cloud computing, providers. Companies that do not already have these contractual provisions can attempt to amend their agreements with third-party providers that possess critical ESI. Consider including litigation readiness provisions as a standard requirement for new contracts and new relationships with outsourcing and cloud computing providers.  

To read this complete article visit Business & Technology Sourcing Review - Issue 17.