Wednesday, July 20, 2011

Long time coming: EDRM Service Provider Code of Conduct




On July 9  The Electronic Discovery Reference Model group posted an EDRM Model Code of Conduct for service providers. I applaud their hard work tackling what could be considered a thorny issue and  I can only hope this code of conduct will start some serious discussions in the eDiscovery realm. While the code of conduct carries no enforcement authority it does put a long time in coming focus on important issues that should concern both vendors and end users in the eDiscovery marketplace.   . The MCoC addresses five key principles: professionalism, engagement, conflicts of interest, sound process, and security and confidentiality. Each principle focuses on service providers and is accompanied by a corollary focusing on the client perspective.
The release of the Code of Conduct  is particularly timely given the results of the just-completed second annual ALM Vendor Satisfaction Survey, which for the second year in a row found that the respondents consider  customer service  the number one criterion for choosing an e-discovery vendor. From my perspective that is not always the case, but as a small regional service provider peering  from the outside looking in; I can only hope that this hypothesis is proven correct in the long run. Superior Document Services has always maintained a high touch and buck stops here approach to customer service. 
An short version of the main principals is excerpted below ( the full version which is well worth reading in its entirety is here:

1. Service Providers should perform their work in a competent, accurate, timely and cost-effective manner, adhering to the highest standards of professionalism and ethical conduct.

2. Service Providers should collaborate with Clients to establish and memorialize the terms of their relationship including any reasonably foreseeable parameters as early as possible upon the initiation of any new engagement.

3. Service Providers should employ reasonable proactive measures to identify potential conflicts of interest, as defined and discussed below. In the event that an actual or potential conflict of interest is identified, Service Providers should disclose any such conflict and take immediate steps to resolve it in accordance with the Guidelines set forth below.

4.Service Providers should define, implement and audit documented sound processes that are designed to preserve legal defensibility.

5. Service Providers should establish and implement procedures to secure and maintain confidentiality of all Client ESI, communications and other information.


Guidelines

  1. Service Providers should develop policies and procedures for ensuring the security and integrity of Client ESI, confidential communications and other information.
  2. Service Providers should exercise reasonable diligence to remain knowledgeable and competent in regards to best practices related to privacy and data security in all aspects of handling Client ESI, confidential communications and other information.
  3. Prior to engagement, Clients should make reasonable inquiry of their Service Providers regarding the level and types of security measures that the Client deems appropriate for that specific engagement.
  4. Prior to engagement, and upon inquiry by a prospective Client, Service Providers should make full disclosure of all standard security measures implemented by the Service Provider, as well as security measures available and recommended for that specific engagement.
  5. Service Providers should implement reasonable measures to secure their facilities from unauthorized physical access.
  6. Service Providers and Clients should implement reasonable measures, appropriate to Client requirements, in connection with securing ESI, confidential communications and other information from unauthorized logical access.
  7. Service Providers should implement reasonable measures, appropriate to Client requirements, to secure ESI, confidential communications and other information contained on portable devices taken outside the Service Provider’s facilities.
  8. Service Providers working internationally or with Client ESI coming from international sources must be capable of complying with applicable foreign data privacy laws related to security and confidentiality.
  9. All ESI, communications and other information received from a Client should be presumed by a Service Provider to be confidential unless otherwise stated in writing (See also, Principle 1 – Professionalism).
  10. 1Service Providers have the duty to promptly notify Clients of the unauthorized release, disclosure, or loss of Client ESI, confidential communications or other information in the custody of the Service Provider.
  11. Upon request of a Service Provider, Clients should not disclose to any unrelated party any of the Service Provider’s proprietary or confidential information provided to the Client in connection with an engagement or prospective engagement; provided, however, Clients may make such disclosures as reasonably necessary.
  12. Service Providers and Clients should agree in writing to the disposition of Client ESI, confidential communications or other materials upon the termination of any engagement, including its return or destruction.

No comments: