"On March 23, 2018, Congress enacted and the President signed into law the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), as part of the Consolidated Appropriations Act, 2018, Pub. L. 115–141. The CLOUD Act amends the Stored Communications Act, 18 U. S. C. §2701 et seq., by adding the following provision:
A [service provider] shall comply with the obligations
of this chapter to preserve, backup, or disclose the
contents of a wire or electronic communication ... within such provider’s possession..., regardless of whether such communication, record, or other information is located within or outside of the United States.”
So, all US companies are now forced to store a backup, or copy, of all data they store off shore? To make sure this doesn't happen again?
No. per your own quote, it "just" extends discovery protections to data held outside the US. So you can't deny the US government access just based on the data being offshore. It's captured in the first paragraph of the decision:
> a U. S. provider of e-mail services
must disclose to the Government electronic communications
within its control even if the provider stores the
communications abroad.
The requirement to backup, preserve or disclose is exactly the current requirement for data in the US, and only applies at the provider is given notice to produce evidence. It means the provider cannot destroy evidence once compelled to produce it. It doesn't mean you are required to preserve data "just because".
A [service provider] shall comply with the obligations of this chapter to preserve, backup, or disclose the contents of a wire or electronic communication ... within such provider’s possession..., regardless of whether such communication, record, or other information is located within or outside of the United States.”
So, all US companies are now forced to store a backup, or copy, of all data they store off shore? To make sure this doesn't happen again?