EDRM Code of Conduct/Principle 3 - Disclosure

From Working EDRM

Comments: Please submit comments to the EDRM Code of Conduct forum

Contents 1 Principle & Corollary 1.1 The Principle 1.2 The Corollary 2 Discussion 2.1 Potential or actual "conflicts of interest" 2.2 Factors that might adversely affect the quality or completion of work being performed 3 Best Practices (with links to examples) 4 Examples

Principle & Corollary

The Principle

Service Providers should maintain open communication with their clients.

The Corollary

Clients should facilitate open communication with Service Providers by allowing them sufficient access to information to determine conflicts and to revise processes as necessary.

Discussion

This Principle makes paramount the timely and full disclosure to the client of all issues that might reasonably be calculated. The principle calls upon the Service Provider to maintain open communication with its clients, which should be read to include the timely and fully disclosure to the client(s) of issues that might reasonably be anticipated to materially affect the conduct of the engagement or proper completion of the project for which the Service Provider was engaged. Reasonable business judgment is assumed to apply as the standard by which an issue is deemed to be likely to materially affect the engagement or project.

Among the issues we have considered “likely to materially affect the engagement or project” are potential or actual “conflicts of interest”(further defined below) between the client and the Service Provider or its other clients; suspected or detected technology or methodology failures, other glitches or bugs, including human errors, likely to adversely affect the quality of or to delay completion of work being performed by the Service Provider for its client(s); and other similar issues that come to the attention of the Service Provider, whether at the outset, during the course of, or after conclusion of the engagement.

Potential or actual "conflicts of interest"

By "conflicts of interest" we intend to address situations in which the business or legal interests of the client and the Service Provider come into actual or potential conflict and to include situations in which a Service Provider is engaged to commence work for an entity and the Service Provider is aware that the proposed client is adverse to, or is a competitor of, another current or former client.

An example of the first conflict situation above is one where a Service Provider is acquired by a party adverse to its client or the Service Provider is owned in whole or in part by an entity or person advising the client on legal or business strategy, and thus could gain financially by reason of the engagement of the Service Provider by the client. The Service Provider should disclose to its client or potential client that it could have interests adverse to or not aligned with those of the client. The second conflict situation above arises in the context where a Service Provider is engaged by one or more adverse or non-aligned clients. Given the nature of electronic discovery and data management, in any engagement, the Service Provider likely will come into possession of proprietary or sensitive client information or data, and/or gain knowledge of clients' business or legal strategy or plans. [Under Principle 6, the Service Provider should be adequately safeguarding client data from inadvertent exposure to other parties and adequately protecting client business information and legal strategy its project teams learn from dissemination to its other clients.] Even given safeguards, the Service Provider's clients might perceive that the Service Provider's engagement by its adversaries or competitors poses an information security risk that "materially affects" the engagement, and of which it would want to be made aware. Disclosure in any conflict situation would be necessary, of course, only where the Service Provider is aware of the potential for conflict.

Factors that might adversely affect the quality or completion of work being performed

Service Providers have a responsibility to keep their client informed where estimated completion schedules or other elements of project work are affected by technological or other factors. We intended to include within this description any data corruption, failure of processing, human error or other “glitch” or bug that derails the progress of a project or compromises the quality of deliverable work product.

Best Practices (with links to examples)

1. Service Providers shall maintain lists of clients and matters on which they have worked as well as the type of work performed.^[1]
2. Service Providers shall review all new engagements against prior work to ensure no potential exists for disclosing previous proprietary or confidential information to new clients.^[2]
3. In the event Service Providers identify the potential of working on a project in direct conflict with a prior project, Service Providers shall consider carefully the parameters of each project to identify likelihood of cross-contamination.^[3]
4. In the event Service Providers determine likelihood of cross-contamination, Service Provider shall consult with both clients and only accept the new engagement after informed consent.
5. All communications with clients that concern issues that might reasonably be anticipated to materially affect the conduct of the engagement or proper completion of the project for which the Service Provider was engaged should be made in writing or by email or, if oral, followed by a writing or email.^{[4] [5]}
6. As soon as Service Provider discovers an error that may affect the outcome of the engagement, Service Provider shall communicate the parameters of the error to the client and discuss solutions.^{[6] [7]}
7. Service Providers shall train new employees and routinely remind existing employees of the need to maintain confidentiality of client information.
8. Service Providers shall implement and monitor systems to protect client data.
9. Service Providers shall inform clients of the individuals within the organization who have responsibility for their project, and provide the client names and contact information for those individuals.^[8]

Examples

1. ^  Example - Best Practice 1: Service Provider scanned documents that were generated concerning an oil field for Client A when Client A was selling that oil field to Client B. Now Client B comes to Service Provider as Client B is suing Client A over representations Client A made during the sale of that oil field. Client B wants Service Provider to process data and prepare it for production in the litigation. Service Provider should discover that it worked for Client A during the sale and determine if any information Client A gave Service Provider in specifying the work would potentially be to Client A's detriment should it be disclosed to Client B. If Service Provider determines there is no such potential, Service Provider may, but need not, communicate its determination to both clients.
2. ^  Example - Best Practice 2: Same as 1 except that Client A told Service Provider’s Employee 1 that Client A was happy to be unloading the oil field on Client B because "it's a dog." Employee 1 no longer works for Service Provider, and Employee 1 never repeated the statement. Service Provider has no obligation.
3. ^  Example - Best Practice 3: Same as 2 except Employee 1 still works for Service Provider and has told everyone with whom she works that she’s not surprised Client B sued Client A because Client A knew it was unloading "a dog." Service Provider should disclose this to both clients. Furthermore, Service Provider should use this as an opportunity to re-educate employees concerning confidential client information.
4. ^  Example - Best Practice 5.1: Client calls Service Provider on the telephone and states that its deadline for producing data to the opponent has been extended by a month and, thus, Service Provider may take an additional week to provide the data to the Client. Service Provider should follow the call with an email confirming the information.
5. ^  Example - Best Practice 5.2: Client calls Service Provider on the telephone and states that it needs the data processed more quickly. Service Provider states that it can only do so by working overtime which will increase the cost. Client agrees to pay increased cost. Service Provider must follow the call with an email or a change order in writing.
6. ^  Example - Best Practice 6.1: Service Provider's employee drops a hard drive containing client's data. The data is corrupted. Service Provider had made an image of that hard drive previously and can process the data without delay. Service Provider need not disclose the accident.
7. ^  Example - Best Practice 6.2: Same as 6.1 except the drive had been copied and not imaged. The Service Provider must discuss the ramifications with the client.
8. ^  Example - Best Practice 9: Service Provider begins work for client. Service Provider must give client at least two points of contact along with sufficient contact information so questions and concerns can be addressed promptly.