While technological advances over the past decade have provided many useful tools that aid efficiency, the accompanying explosion in the sheer volume of electronic information generated in the day-to-day operation of a business has also presented serious challenges, especially within (but not limited to) the legal context. Without an effective system to organize and manage electronically stored information (ESI), it can become overwhelming to wade through the morass of data retained by most companies to find specific information and relevant records when needed – information that could affect the outcome of a legal proceeding.
Enter electronic discovery, or e-discovery, a process of managing ESI that has become a specialized field of legal practice. With the help of subject matter experts from around the world, the International Organization for Standardization (ISO), the world’s largest developer of voluntary international Standards, has just published the first of four parts of an International E-discovery Standard, known formally as ISO/IEC 27050-1, Information Technology—Security Techniques—Electronic Discovery—Part 1: Overview and Concepts (the “International E-Discovery Standard”).
What is e-discovery?
In many jurisdictions, e-discovery is understood as an important process in the context of a legal proceeding, such as a court action, arbitration, regulatory investigation or administrative proceeding, which involves several key steps leading up to the production of information to an opposing party. Several jurisdictions have specific laws or rules of practice that address e-discovery. However, many countries do not have any rules related to e-discovery for local proceedings.
The stages of the e-discovery process are generally believed to include the identification, preservation, collection, processing, review, analysis and production of electronically stored information. The challenges associated with e-discovery include the huge volumes of electronic information in the possession or control of most companies, the ease with which electronic documents are duplicated, transferred and dispersed, the dynamic and changeable nature of electronic information, difficulties with respect to disposal of electronic information when desirable, and the fast pace of technological change which can render obsolete the hardware and/or software required to review ESI.
While e-discovery is an important part of a legal process, it has uses beyond legal venues, in all jurisdictions regardless of legal regime. A common understanding of the elements and best practices of e-discovery can facilitate an organization’s internal, external and international dealings with ESI, whether or not one or more of the particular jurisdictions involved has laws or rules relating to e-discovery. ESI can be valuable for proving or disproving a fact in a legal proceeding, but more often it is used by companies to conduct business and record the historical activities of the organization or personal history of individuals.
E-discovery strategies can be used for many purposes, such as conducting an internal audit, researching a book on the history of the enterprise, or conducting due diligence for a potential transaction.
What is the benefit of an international standard?
Suppose that a domestic company seeks to purchase a foreign company, and a formal due diligence process is called for. The domestic party’s jurisdiction has explicit e-discovery rules and the foreign party’s jurisdiction does not. How does the foreign party proceed to identify, collect and produce the crucial ESI in a defensible way? One answer is that the foreign company can simply go by the procedures outlined in the domestic company’s explicit e-discovery rules. But the foreign entity may not be comfortable with that process, which was developed in the context of the domestic company’s jurisdiction’s litigation.
The International E-Discovery Standard becomes a useful tool here because it has been developed for e-discovery in the broad sense and has been supported by the ISO processes to become an ISO standard.
What is Part 1 of the International E-Discovery Standard and what about the other “Parts”?
The first part of the Standard, ISO/IEC 27050-1, addresses the process elements involved in e-discovery – identification, preservation, collection, processing, review, analysis, and production of ESI. It provides the overview and concepts key to e-discovery, and it provides general guidance on measures which an organization can undertake to handle e-discovery efficiently and to mitigate the risk and expense that is involved in grappling with ESI.
The International E-Discovery Standard is in four parts as follows:
Part 1: Overview and Concepts for Electronic Discovery
Part 2: Guidance for Governance and Management of Electronic Discovery
Part 3: Code of Practice Electronic Discovery
Part 4: ICT Readiness for Electronic Discovery
Each of the Parts is at a different stage of development. Part 1 has just been published. Provided it receives sufficient votes in the ISO process, Part 3 is expected to go to publication in 2017 and will provide detailed requirements and guidance on activities in e-discovery. Next in line is Part 2, which will describe how personnel at senior levels within an organization can identify and take ownership of risks related to e-discovery, set policy relating to e-discovery, achieve compliance with external and internal requirements relating to e-discovery, and explain how to implement and control e-discovery in accordance with prevailing policies. Part 4 is at the earliest stage of development, but it is a very important Part of the Standard. Part 4 will provide guidance on the ways an organization can plan and prepare for e-discovery from the perspective of both technology and processes.
Together, the Parts of the International E-Discovery Standard will offer an organization of any size, in any jurisdiction, a pre-tested methodology for e-discovery. The methodology should help minimize costs and failures during the e-discovery process. Further, as an ISO Standard developed beyond one jurisdiction, it should be a useful tool to conduct international transactions, litigation and other dealings with ESI.