Members of the International Standards Organization a 66-year-old body with 162 member nations, tackling everything from bank transactions to shoe sizes are forming a new committee to develop standards for e-discovery processes.
The standards, if passed, would define procedures for technology companies, discovery providers, and their clients to follow when handling digital data. "This international standard provides guidance on measures, spanning from initial creation of [electronically stored information] through its final disposition, which an organization can undertake to mitigate risk and expense should electronic discovery become an issue," a draft of the committee charter states.
If products and services are certified as ISO-compliant, then a party and their counsel could more easily decide what to purchase, and judges could be sure that electronic data discovery follows uniform methods, explained Hitachi Data Systems' Eric Hibbard, who is co-editor of the project and serves as international representative on a U.S. contingent to the organization.
The proposed e-discovery committee is part of ISO's cybersecurity unit. That's because the unit already standardized aspects of digital forensics such as identification, collection, and preservation of electronic evidence, so it has experience in working in legal topics, Hibbard said. Discovery didn't fit into any other ISO groups, he added.
"We're not trying to impose requirements on lawyers or judges. That's not the intention of the activity. It's really intended to help them sort through some of the technology issues that are really nebulous," Hibbard said.
In addition to describing how discovery services and software should operate, the standard would refer to product auditing aspects. It would cite the long-standing ISO 9001 quality control procedures, used by more than 1 million businesses worldwide, according to a recent survey. E-discovery companies could then achieve certification and advertise their products as ISO 9001-compliant. The standard would also relate to the existing ISO forensics work, Hibbard said.
There are 37 corporate members of Hibbard's cybersecurity committee, including Booz Allen & Hamilton Inc., EMC Corp., Hewlett-Packard Co., Microsoft Corp., and Symantec Corp., all with significant presence in e-discovery. Because the committee was not originally formed to cover EDD, the member companies may need to modify their representation to account for its expanded focus. HP and Symantec have the largest EDD involvement, with their ownership of Autonomy and Clearwell Systems, respectively.
ENDORSEMENTS AND CONCERNS
Several e-discovery experts polled by Law Technology News said they support Hibbard's premise, while exhibiting some hesitancy of the unknown.
Tom Barnett, e-discovery practice leader at corporate investigation company Stroz Friedberg, supports the proposed committee. "I think it'll be good for the industry to be able to separate the people who are really serious about process and quality control from the people who aren't," he said. "E-discovery has become a multibillion-dollar industry. But in some ways it still operates as as a startup industry, and standards like these have not been implemented," said Barnett, who is based in Los Angeles. "It's allowed for a wide variety of quality standards or no standards sometimes."
"E-discovery is not a legal process. It's a technical and engineering problem. You need a standard," Barnett continued. "Because it really is a relatively new industry, a lot of people do things their own way."
Jackson Lewis partner Ralph Losey, of Orlando, Fla., also supports the concept. "I'm all in favor of these quality control standards as things that should be followed by vendors. ... ISO is something that can be imposed on vendors to help make sure we're getting the same thing," he said.