January 2, 2015: Language in Principle 3 updated to clarify scope of Service Provider obligations
EDRM, the leading standards organization for the e-discovery market, announces a proposed clarification to the language in Principle 3 – Conflicts of Interest of the EDRM Model Code of Conduct (MCoC) as well as a clarification to the language in the corollary to Principle 3.
The clarification distinguishes between (a) entities that are “members of the team,” i.e., participants in shaping legal strategy; and (b) technology providers that, while delivering capabilities to the team, are not on the team; i.e., they are not privy to or helping to shape case strategy. Principle 3 of the MCoC is intended to apply to the former, not the latter.
To comment on the proposed revisions, leave a reply at the bottom of this page or send an email message to firstname.lastname@example.org. The comment period is open until Friday, January 23, 2015.
This Model Code of Conduct (MCoC) sets forth aspirational guidelines intended to serve as a basis for ethical decision making by all participants in the electronic discovery process. The MCoC was drafted by members of the EDRM MCoC Project and reflects years of exhaustive dialogue and a wide array of viewpoints representative of the interests of corporations, law firms and service providers across the country. Adherence to the MCoC is voluntary.
The MCoC consists of five Principles and their Corollaries, which contain statements of the duties of Service Providers 1 and the related duties of their Clients. Each Principle and Corollary set is accompanied by Guidelines and a Discussion section, providing our view of ethical considerations that should be addressed by participants in the electronic discovery process.
The MCoC is not intended to address or resolve business or legal quandaries, or dictate operational guidelines for participants in the electronic discovery industry or the clients that purchase their products or engage their services. Additionally, it is not intended to replace or substitute for the establishment or construction of contractual relationships between Clients and Service Providers. While we recognize that such matters impact the day-to-day operations of Service Providers, and their relationships with their clients, they are simply outside the scope of this document. The MCoC is not intended to create a legal liability standard, and the MCoC Project claims no enforcement authority.
Many have referred to the electronic discovery industry as the “Wild West”, where rules and ethical boundaries for interactions between Clients and Service Providers or Service Providers and other Service Providers are constantly changing to reflect shifting whims. While some would argue that the market will operate to address these issues, time has shown that for a market to mature, ethical boundaries must be clearly delineated and industry participants must agree to be bound by them. We believe that establishing these guidelines for ethical decision-making will provide predictability in business relationships and will lead to a more stable market.
Our hope is that participants in this market will utilize the MCoC in ways that will promote its positive use and wide-spread adoption in the establishment and maintenance of contractual relationships. Service Providers may wish to promote their voluntary adherence to the MCoC. Clients may wish to reference the MCoC in their vendor selection process, including addressing the MCoC in Requests for Information (RFIs) or Requests for Proposals (RFPs). Clients and Service Providers may elect to expressly incorporate the MCoC into their written agreements.
We recognize that the MCoC does not provide an exhaustive exploration of every potential ethical issue that may arise in the electronic discovery industry. As noted above, the MCoC is aspirational in nature, and voluntary in application. In recognition that the Principles and Corollaries are broad statements, and are further defined in the Guidelines and accompanied by the Discussion reflecting our thinking in their establishment, we expect this document will be construed by our constituents to reflect the evolving marketplace for electronic discovery products and services.
Please note that you may download the MCoC without subscribing to it. To download the MCoC, click here, where you can download a pdf version of the MCoC or select the button below:
Eric P. Mandel
Co-Chair and Reporter
Service Providers should perform their work in a competent, accurate, timely and cost-effective manner, adhering to the highest standards of professionalism and ethical conduct.
Clients should be forthright, accurate and timely in their dealings with Service Providers and act at all times in accordance with the highest professional standards of ethical conduct.
Competence, clear communication, diligence, and candor by the Service Provider are essential practices in establishing and maintaining appropriate standards of professionalism in connection with electronic discovery. Further, these practices should be reciprocated by the Client.
The committee does not take any stand regarding the specific value and associated pricing for products and services offered by Service Providers. We acknowledge and support the principle of caveat emptor. That principle, however, does not excuse taking unreasonable advantage of a buyer who clearly lacks knowledge of the electronic discovery marketplace. Thus, we provide guidelines for ethical decision-making in determining whether fees and expenses charged by a Service Provider in connection with any engagement may be considered to be reasonable.
These guidelines include seven factors that should be weighed in their totality. For example, when we discuss the issue of the fees customarily charged for a service, one should consider the total package of services provided on a given matter versus a specific unit / hourly cost for one component of the package. The value of the service provided to a purchaser can, and will, vary from case to case. What may be of value to one purchaser may be of little value to another, and we recognize that price and value are highly subjective.
Our intent is to provide ethical guidelines for pricing to the sophisticated seller who is knowingly facing an unsophisticated buyer. As a corollary, we believe an unsophisticated buyer has an obligation to gain knowledge and expertise of the market prior to making purchasing decisions either directly or through engaging the services of a knowledgeable E-Discovery consultant.
We specifically call out the issue of the discovery of child pornography in regards to professionalism. Images of apparent child pornography are found from time to time during the electronic discovery process. Due to strict liability laws regarding the possession of such images, Service Providers who discover them are required by law to immediately contact law enforcement and surrender possession. This legal reporting obligation supersedes any duty owed to the Client.
Service Providers should collaborate with Clients to establish and memorialize the terms of their relationship including any reasonably foreseeable parameters as early as possible upon the initiation of any new engagement.
Clients should provide sufficiently detailed information about the subject matter, the parties involved in the litigation and any material issues or variables that would assist the Service Provider in accurately defining the engagement.
The Guidelines set forth above are intended for the majority of standard litigation and regulatory matters where the engagement of a Service Provider is part of an overall discovery process and is done with foresight and planning. We recognize that the demands of business and practice of law occasionally require that an engagement begin before the full parameters of a specific engagement may be known by all of the parties. Likewise, we recognize that some engagements are for a very limited time and scope, and a full Request for Information or Proposal process would be impractical. Our intent is to promote reasoned and ethical decision-making that is exercised through the standard day-to-day business process of at least two of those parties attempting to reasonably define and agree upon some of the basic elements common to all engagements. Agreement as to scope, duration, and material elements of an engagement will help to avoid future conflict and to protect either the Client or the Service Provider from incurring undue fees and expenses or legal exposure.
When (a) a Service Provider
s is engaged primarily to provide consulting services in connection with the broad range of activities covered by the EDRM and (b) as a material part of that engagement the Service Provider receives information about case strategy or assists in developing case strategy, then the Service Provider should employ reasonable proactive measures to identify potential conflicts of interest, as defined and discussed below. In the event that an actual or potential conflict of interest is identified, the Service Provider s should disclose any such conflict and take immediate steps to resolve it in accordance with the Guidelines set forth below. (Proposed additions in bold; proposed deletions stricken through and in red.)
Clients should furnish Service Providers subject to Principle 3 with sufficient information at the commencement of each engagement to enable each Service Provider to identify potential conflicts of interest. If an actual or potential conflict of interest is identified and disclosed and the Client elects to proceed with the engagement, the Client should work in good faith with the Service Provider and other parties to facilitate a resolution to any such conflict in accordance with the Guidelines set forth below. (Proposed addition in bold.)
This Principle makes paramount the timely identification, disclosure, avoidance or mitigation of conflicts of interest between Service Providers and one or more Clients.
In the context of this rule, Conflicts of Interest arise when a Service Provider has two or more duties that are in opposition to one another. Such duties may be personal or professional, contractual or fiduciary, formally prescribed by law or informally established by societal norms. Conflicts of Interest must be distinguished from the competing day to day obligations that arise in the context of business and personal relationships. Routine obligations resulting in competing priorities do not rise to the level of a Conflict of Interest and are not addressed in this Model Code. This Model Code is intended to address only the Conflicts of Interest which occur in connection with the establishment and performance of a business relationship between a Client and a Service Provider.
Conflicts of interest are classified as actual conflicts, potential conflicts and springing conflicts. Actual conflicts are those already in existence at the time a relationship commences. Potential conflicts are those that may be reasonably anticipated to occur sometime during the existence of a relationship but have not yet matured. Springing conflicts are those that did not exist and were not reasonably anticipated at the commencement of a relationship, but arise unexpectedly during the course of an engagement.
A Service Provider owes a duty to the Client. In the simplest terms the “Client” is any signatory party to an agreement with a Service Provider. In the electronic discovery services industry, engagements often include three parties: a Service Provider, a Law Firm, and the Litigant (i.e., the Individual or Organization who is a party to a legal or regulatory action subject to Discovery). Often a law firm is the sole signatory party to an agreement for discovery services and it is the law firm that exclusively directs and supervises a Service Provider for the benefit of the Litigant. The tangential relationship of the Litigant to the party requesting electronic discovery services begs the question: “is the Litigant also a Client?” If the Litigant may also be considered to be a client of the electronic discovery service provider, to which client does the Service Provider owe the ultimate duty? There may be circumstances in which the actions of the Service Provider may favor one client over the other.
Conflicts between the instructions or the interests of the Litigant and the Law Firm can give rise to a business conflict for a Service Provider, but not an ethical Conflict of Interest. Such business conflicts are outside the scope of this Model Code.
Service Provider organizations often employ attorneys, accountants, and other professionals who are subject to binding rules of conduct governing ethical behavior within those professions. We recognize that these professionals may be subject to ethical obligations that are both superseding and superior to those set forth in this Model Code of Conduct, even if they are functioning in the role of Service Provider and not the role of their professional license (e.g., a licensed attorney serving as a discovery consultant, not as legal counsel).
Even though an organization determines, under the guidelines set forth herein, that it may mitigate a conflict, an employee who would be assigned to the engagement may still determine that work on such an engagement would conflict with his or her superseding professional obligations. Professionals who find themselves torn between duties to their professional ethical obligations and their duties to either their employer or Client should exercise due care in determining their individual best course of action, and the Service Provider and its Clients should be sensitive to employees who face this dilemma.
The principle of the Ethical Wall (a/k/a Chinese Wall, Firewall or Screened) should apply to Service Providers to the same extent, and under the same rules, as the creation of an Ethical Wall for attorneys at a Law Firm. (See, ABA Model Rules of Professional Conduct, Section 1.10(a)(2).)
Service Providers should define, implement and audit documented sound processes that are designed to preserve legal defensibility.
Clients should cooperate with Service Providers to ensure that auditable, documented sound processes, appropriate for each engagement, are defined and implemented by all concerned parties to preserve legal defensibility.
This Principle rests on two concepts: Legal defensibility and risk mitigation.
The first concept relates to the overriding requirement that technology and processes must meet the requirements of defensibility in connection with legal and regulatory matters. “Legal defensibility” as discussed herein is measured by various rules of civil and criminal procedure, as well as standards for the admissibility of evidence in courts of law, alternative dispute resolution, administrative and legislative hearings. These rules may require the application of scientific principles and practices to the legal process. Amongst these principles include defined repeatable processes, established procedures for testing and auditing results, and the potential for peer review.
The second concept relates to ensuring that potential human and/or machine errors are anticipated, and the attendant risks are mitigated in advance. Sound processes for Service Providers, therefore, must include implementation and ongoing maintenance of protocols, hardware and software, that reduce the impact of any such potential error. Quality control and assurance should be an organizational imperative for Service Providers, and a Service Provider’s failure or refusal to proactively address these issues not only raises the potential of litigation based upon a perceived or actual legal liability, but is by itself ethically suspect.
A Service Provider offering a product for use in the legal and regulatory process should, upon request, provide to a Client sufficient detail regarding the operation of its product to permit the Client to adequately assess the potential legal defensibility of that product. While a Service Provider may not be required to disclose any trade secrets other than by valid court order, a Service Provider’s refusal to make full disclosure of any facts that may impact the legal defensibility of its products and processes may be taken into consideration by a Client in selecting a Service Provider. If a Service Provider elects to disclose trade secrets during the selection process, it may reasonably request appropriate legal protections be implemented.
In honoring a Service Provider’s request to protect proprietary information, a Client should not disclose any such information to any individual or organization that has no direct interest and involvement in the selection of the Service Provider for the purposes of the engagement.
Service Providers should establish and implement procedures to secure and maintain confidentiality of all Client ESI, communications and other information.
Clients should work with Service Providers to ensure that reasonable measures, appropriate for each engagement, are established and implemented by all concerned parties to secure and maintain confidentiality of all ESI, communications and other information.
The principle of confidentiality is deeply rooted not only in the basic expectation that Client information will be protected from disclosure to unauthorized parties, but also with due regard to applicable evidentiary issues. We give significant attention to the principle of confidentiality throughout this Model Code, and the requirement for all parties to take reasonable and affirmative steps to preserve the confidentiality of Client ESI, communications and other information.
We repeatedly use the phrase “ESI, communications and other information” in this Principle, with the intent that confidentiality shall broadly cover all case/matter related materials, in electronic or hard copy form, as well as relevant work product and written or verbal communications related to the engagement.
Likewise, we consider work product to be broadly inclusive of all engagement related documents, including, but not limited to, RFIs/RFPs and responses, instructions, project specifications and scoping documents, chain of custody materials and status reports.
We intend the term “communications” to be inclusive of all exchanges by or between the Client and Service Provider, as well other related and authorized parties involved in a case/matter. We firmly believe that such exchanges should be presumed confidential, without regard to whether such exchanges fall under the legal definitions of information covered by the attorney-client privilege or under the doctrine of work product.
The guidelines advise implementing reasonable procedures to secure portable devices. For the purposes of this Principle, such devices are not limited to those that are typically used for the transportation of case specific Client ESI, such as USB hard drives, but are intended to broadly cover all portable devices containing confidential communications and other information. We intentionally do not distinguish one portable device from another, since all ESI, communications and other information must be safeguarded from unauthorized access or release regardless of the precise device on which such information is housed or carried.
The guidelines additionally advise implementing reasonable measures in securing ESI, confidential communications and other information from logical security penetration, either while the ESI is housed or in transmission. Logical security is defined by one common source as “software safeguards for an organization’s systems, including user identification and password access, authentication, access rights and authority levels.” Because transmission of such ESI is between at least two parties, determination of what is reasonable applies equally to both Service Providers and Clients.
As a practical matter, we note that certain Service Providers have implemented physical and logical data security practices in accordance with recognized certification standards such as SAS70 or ISO-27001. Clients should be aware that under those standards, the Service Providers cannot operate their security programs below certain thresholds. As a corollary, we recommend that Clients cooperate with the operational constraints inherent in such SAS or ISO certified operations so as to ensure that data security is consistently maintained above certain those minimal levels and are equally supported by all Service Providers involved throughout the case/matter.
Subject to Principle 3, Service Providers should maintain confidentiality absent express release by the Client, or as otherwise provided in a written contract between the parties, even in the event that confidential communications or other information become part of the public record.