EDD: Issues, Law, and Solutions: Long time coming: EDRM Service Provider Code of Conduct

Wednesday, July 20, 2011

Long time coming: EDRM Service Provider Code of Conduct

On July 9 The Electronic Discovery Reference Model group posted an EDRM Model Code of Conduct for service providers. I applaud their hard work tackling what could be considered a thorny issue and I can only hope this code of conduct will start some serious discussions in the eDiscovery realm. While the code of conduct carries no enforcement authority it does put a long time in coming focus on important issues that should concern both vendors and end users in the eDiscovery marketplace. . The MCoC addresses five key principles: professionalism, engagement, conflicts of interest, sound process, and security and confidentiality. Each principle focuses on service providers and is accompanied by a corollary focusing on the client perspective.

The release of the Code of Conduct is particularly timely given the results of the just-completed second annual ALM Vendor Satisfaction Survey, which for the second year in a row found that the respondents consider customer service the number one criterion for choosing an e-discovery vendor. From my perspective that is not always the case, but as a small regional service provider peering from the outside looking in; I can only hope that this hypothesis is proven correct in the long run. Superior Document Services has always maintained a high touch and buck stops here approach to customer service.

An short version of the main principals is excerpted below ( the full version which is well worth reading in its entirety is here:

1. Service Providers should perform their work in a competent, accurate, timely and cost-effective manner, adhering to the highest standards of professionalism and ethical conduct.

2. Service Providers should collaborate with Clients to establish and memorialize the terms of their relationship including any reasonably foreseeable parameters as early as possible upon the initiation of any new engagement.

3. Service Providers should employ reasonable proactive measures to identify potential conflicts of interest, as defined and discussed below. In the event that an actual or potential conflict of interest is identified, Service Providers should disclose any such conflict and take immediate steps to resolve it in accordance with the Guidelines set forth below.

4.Service Providers should define, implement and audit documented sound processes that are designed to preserve legal defensibility.

5. Service Providers should establish and implement procedures to secure and maintain confidentiality of all Client ESI, communications and other information.

Guidelines

Service Providers should develop policies and procedures for ensuring the security and integrity of Client ESI, confidential communications and other information.
Service Providers should exercise reasonable diligence to remain knowledgeable and competent in regards to best practices related to privacy and data security in all aspects of handling Client ESI, confidential communications and other information.
Prior to engagement, Clients should make reasonable inquiry of their Service Providers regarding the level and types of security measures that the Client deems appropriate for that specific engagement.
Prior to engagement, and upon inquiry by a prospective Client, Service Providers should make full disclosure of all standard security measures implemented by the Service Provider, as well as security measures available and recommended for that specific engagement.
Service Providers should implement reasonable measures to secure their facilities from unauthorized physical access.
Service Providers and Clients should implement reasonable measures, appropriate to Client requirements, in connection with securing ESI, confidential communications and other information from unauthorized logical access.
Service Providers should implement reasonable measures, appropriate to Client requirements, to secure ESI, confidential communications and other information contained on portable devices taken outside the Service Provider’s facilities.
Service Providers working internationally or with Client ESI coming from international sources must be capable of complying with applicable foreign data privacy laws related to security and confidentiality.
All ESI, communications and other information received from a Client should be presumed by a Service Provider to be confidential unless otherwise stated in writing (See also, Principle 1 – Professionalism).
1Service Providers have the duty to promptly notify Clients of the unauthorized release, disclosure, or loss of Client ESI, confidential communications or other information in the custody of the Service Provider.
Upon request of a Service Provider, Clients should not disclose to any unrelated party any of the Service Provider’s proprietary or confidential information provided to the Client in connection with an engagement or prospective engagement; provided, however, Clients may make such disclosures as reasonably necessary.
Service Providers and Clients should agree in writing to the disposition of Client ESI, confidential communications or other materials upon the termination of any engagement, including its return or destruction.

No comments:

Post a Comment

Sedona Principles 2nd ed.

1. Electronically stored information is potentially discoverable under Fed. R. Civ. P. 34 or its state equivalents. Organizations must properly preserve electronically stored information that can reasonably be anticipated to be relevant to litigation.
2. When balancing the cost, burden, and need for electronically stored information, courts and parties should apply the proportionality standard embodied in Fed. R. Civ. P. 26(b)(2)(C) and its state equivalents, which require consideration of the technological feasibility and realistic costs of preserving, retrieving, reviewing, and producing electronically stored information, as well as the nature of the litigation and the amount in controversy.
3. Parties should confer early in discovery regarding the preservation and production of electronically stored information when these matters are at issue in the litigation and seek to agree on the scope of each party’s rights and responsibilities.
4. Discovery requests for electronically stored information should be as clear as possible, while responses and objections to discovery should disclose the scope and limits of the production.
5. The obligation to preserve electronically stored information requires reasonable and good faith efforts to retain information that may be relevant to pending or threatened litigation. However, it is unreasonable to expect parties to take every conceivable step to preserve all potentially relevant electronically stored information.
6. Responding parties are best situated to evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronically stored information.
7. The requesting party has the burden on a motion to compel to show that the responding party’s steps to preserve and produce relevant electronically stored information were inadequate.
8. The primary source of electronically stored information for production should be active data and information. Resort to disaster recovery backup tapes and other sources of electronically stored information that are not reasonably accessible requires the requesting party to demonstrate need and relevance that outweigh the costs and burdens of retrieving and processing the electronically stored information from such sources, including the disruption of business and information management activities.
9. Absent a showing of special need and relevance, a responding party should not be required to preserve, review, or produce deleted, shadowed, fragmented, or residual electronically stored information.
10. A responding party should follow reasonable procedures to protect privileges and objections in connection with the production of electronically stored information.
11. A responding party may satisfy its good faith obligation to preserve and produce relevant electronically stored information by using electronic tools and processes, such as data sampling, searching, or the use of selection criteria, to identify data reasonably likely to contain relevant information.
12. Absent party agreement or court order specifying the form or forms of production, production should be made in the form or forms in which the information is ordinarily maintained or in a reasonably usable form, taking into account the need to produce reasonably accessible metadata that will enable the receiving party to have the same ability to access, search, and display the information as the producing party where appropriate or necessary in light of the nature of the information and the needs of the case.
13. Absent a specific objection, party agreement or court order, the reasonable costs of retrieving and reviewing electronically stored information should be borne by the responding party, unless the information sought is not reasonably available to the responding party in the ordinary course of business. If the information sought is not reasonably available to the responding party in the ordinary course of business, then, absent special circumstances, the costs of retrieving and reviewing such electronic information may be shared by or shifted to the requesting party.
14. Sanctions, including spoliation ﬁndings, should be considered by the court only if it finds that there was a clear duty to preserve, a culpable failure to preserve and produce relevant electronically stored information, and a reasonable probability that the loss of the evidence has materially prejudiced the adverse party.
Copyright © 2007 The Sedona Conference®. All Rights Reserved.
Reprinted courtesy of The Sedona Conference®.
Go to http://www.thesedonaconference.org/ to download a free copy of the complete document for your personal use only.