[author: Jim Ballowe]
We’re well into the digital age, and most litigators are familiar with the basic nomenclature of modern electronic discovery practice. Electronically stored information, document custodian, metadata, native formats, and predictive coding — these technical terms are widely understood and part of every discussion involving pretrial discovery of electronic data.
You may even be well-versed in skuzzy interfaces and the “three de’s” of de-skewing, de-NISTing, and de-duping.
But what about SIEM services, RBACs, SOC reports, and DLTs?
All of these terms made their appearance for the first time in the Sedona Conference’s Glossary of E-Discovery and Digital Information Management Terms (PDF). The glossary, now in its fifth edition, offers a concise definition of nearly a thousand terms that, taken together, describe most aspects of modern information technology and information governance practices. According to its authors, the glossary puts litigators and electronic discovery services vendors on the same page, language-wise, with the hope that a shared understanding of common technical terms will improve e-discovery outcomes and reduce transaction costs.
Review of the glossary can also assist litigators in formulating precisely targeted interrogatories and deposition inquiries during the pretrial discovery stage of litigation.
The glossary has been continually updated since its first publication in 2005. Notable additions to the fifth edition are descriptions of the latest cybersecurity technologies and new legal terms introduced by the European Union’s replacement of the EU Data Protection Directive with the General Data Protection Regulation in 2018. Key GDPR terms — including data processor, data controller, data subject — are relevant whenever electronic discovery involves the personal information of an EU resident.
New data security-related terms in the glossary include:
Role-based access controls (RBAC) are programmatic limits on user access to computer networks based on the role that the user fulfills with an organization.
Distributed ledger technologies (DLT) create a network of replicated, synchronized data stores distributed across the internet. Blockchain, the technology used by bitcoin and other cryptocurrencies, is a type of DLT.
Security information and event management (SIEM) products and services uncover and report enterprise security threats by analyzing log files and other data.
System and organization control reports provide assurance to investors and others that an organization has passed an audit and employs reasonable data security controls. A SOC1 report discloses the design of an organization’s security controls. A SOC2 report provides a detailed description of the effectiveness of an organization’s data security controls over a period of time.
The glossary’s latest edition also includes references to the many times that the glossary has been citied in judicial opinions. Glossary definitions are frequently cited as authoritative by courts in cases involving electronic discovery disputes. See, e.g., Race Tires America, Inc. v. Hoosier Racing Tire Corp., 674 F.3d 158, 161 (3d Cir. 2012), where the court used Sedona glossary definitions to clarify discovery processes in a dispute over hundreds of thousands of dollars in e-discovery vendors charges.
The Sedona Conference is a non-profit educational and legal policy development organization well-known for its work in the areas of antitrust, complex litigation, and electronic discovery. The glossary is available to download for personal use at no charge.
