Code of Practice for e-Discovery

As litigators strive to "keep abreast of ... the benefits and risks associated with relevant technology" (ABA Model Rule of Professional Conduct 1.1, Comment 8), it's a bit surprising that the Code of Practice for electronic discovery issued by the International Organization for Standardization has gone somewhat unheralded.

Published late last year, that protocol, known as ISO 27050-3, describes a systematic approach to the discovery process, whether paper or digital, and provides valuable insight into some of the technological benefits and risks that litigation counsel is supposed to be aware of.

The ISO's standard enables an organization to enhance awareness, benchmark its processes, and ensure (and demonstrate when required) its competencies. Prepared under the guidance of legal and IT security experts, with extensive input from individual lawyers, judges, e-discovery practitioners, and bar associations, the standard provides a uniquely valuable resource. It carries international credibility and may provide common language and expectations to those involved in, or adjudicating, discovery. The fact that the ISO's code is an international product may elevate its acceptance in cases were the discovery process crosses national borders and reaches different continents.

ISO has gone further than other organizations offering standards (compare those of the Sedona Conference and the American Bar Association) by setting forth a step-by-step methodology to navigate e-discovery's rough waters.

For each phase in the e-discovery process -- from preservation through production -- the standard articulates the objectives and specifies the requirements necessary to enable effective process and results, setting forth a list of general principles to follow without unduly mandating the manner of adherence. In this sense, the ISO protocol provides a solid framework for interrogating a process, while allowing room for variation (as what is adequate and defensible in any given instance is dependent on circumstances).

Notably, the ISO approach calls out the factors to consider in order to avoid failures in each phase -- thus alerting practitioners to common hazards that can derail an earnest e-discovery effort. Some of those hazards are obvious, such as the warning that untimely delay could result in the inadvertent destruction of electronically stored information by routine company data management policies (e.g., deletion cycles for email), which could lead to possible challenges and sanctions. Some are less apparent, such as the caution that failure to use empirical information about data conditions may lead to ill-matched or poorly used tools, or missed relationships within the data that could bring important evidence to light.

The standard also acknowledges directly that document review (i.e., finding sought-after documents in sometimes very large data sets) is a scientific information retrieval exercise, which must draw on expertise from the realms of statistics, linguistics and computer science. In practice, ISO further advances the professionalization of information retrieval in the legal arena as a scientific domain that serves the law, but which, as a discipline, is distinct from the law. Practitioners should be quick to note that relying on external expertise is a valid method to meet the requirements of competence.

There are several tangible new benefits for those who might consider applying these ISO principles to their efforts.

• The standard provides a useful distillation of sound practices for document review and records management that parties may cite regarding the reasonableness and both legal and scientific defensibility of their methods.

• Since the standard was created with extensive input from prominent attorneys, judges, and technologists and issued by ISO, it carries the benefit of consensus and credibility.

• Because of ISO's deep history, credibility, and international scope, the standard can be a valuable aid to parties involved in cross-border disputes.

• Although the standard is neutral on collaboration, implementation of the ISO Code should position counsel with robust information on which to draw when communication, cooperation, or collaboration is part of counsel's (or the client's) action plan.

It remains to be seen whether bar associations or other regulatory entities will undertake to issue certifications according to the standard (a process resulting in the locution "ISO Certified"), which would re-enforce the benefits of the ISO standard and serve the goals of transparency, repeatability and regularity in e-discovery projects. But even if not, it behooves all involved parties to consider the guidance the standard provides as it puts everyone on the same page of an increasingly complex journey through the ever-expanding sea of electronic information.