Cloud and Privacy – ECPA Protects Non-U.S. Nationals Against Unrestricted Disclosure by a Third Party
The sudden rise in the popularity of the “Cloud” has left organizations in a reactive state when addressing new legal issues surrounding data storage. Legal rules (FRCP), case law and judicial opinions have provided little guidance, causing legal teams to scratch their heads and wonder what conduct is acceptable and defensible. For example, both legal and IT teams want to know what rules apply when preserving and collecting electronically stored information (ESI) stored in cloud-based systems. What rules apply in what jurisdictions – in the U.S. and abroad? To whom do these rules apply? Are responding parties afforded any defenses or protections from producing ESI backed-up and stored in the cloud?
In Suzlon Energy Ltd v. Microsoft Corporation, the court provided some clarification on the specific rights people have to protect their personal email communications from being produced in court. The court addressed whether a U.S. communication service provider is required to produce personal emails stored on a US server from a non-U.S. national. The Ninth Circuit Court of Appeals ruled that under the protection of the Electronic Communications Privacy Act of 1986 (ECPA), the defendant, Microsoft, cannot be compelled to produce personal emails of a non-U.S. national.
Under the ECPA, “a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.” The plaintiff, Suzlon, contended that the ECPA did not apply because the emails at issue were created by a non-U.S. citizen. The court refuted this claim, explaining that had Congress intended for the law to be interpreted that way, there would have been a distinction made between a U.S. citizen and “any person” within the statute’s provisions.
Suzlon Energy Ltd v. Microsoft Corporation was initiated out of an Australian civil suit by the plaintiff against a former employee, Sridhar, who was accused of committing fraud. During discovery, Sridhar, an Indian citizen, refused to turn over emails that resided on his Microsoft Hotmail account. Subsequently, the plaintiff petitioned the U.S. District Court for production of Sridhar’s emails from Microsoft whose email servers reside in the U.S.
While this case does not provide overarching clarity on how courts will rule on e-discovery issues involving ESI stored in the cloud, it does alert U.S. cloud service providers that the ECPA is leaning towards protection of personal email, regardless of citizenship. To learn more about the issues on e-discovery and the cloud, watch Exterro’s recent webcast, “E-Discovery Forecast: Cloudy with a Chance of Sanctions.” This webinar addresses:
- Changing rules and case law, particularly for ESI stored in the Cloud outside the U.S.
- Evolving best practices for identifying, preserving, retrieving and producing ESI from the Cloud
- IT challenges from an integration and security perspective for e-discovery and ESI in the Cloud
Mike Hamilton, J.D. is the E-Discovery Market Analyst at Exterro, Inc. Hamilton works in a product
management and marketing role to ensure Exterro’s Fusion e-discovery applications closely reflect the needs of legal teams. Within the complex e-discovery world, Hamilton’s knowledge, legal acumen and experience give him a valuable perspective on bridging the gap between IT and legal teams.