In e-discovery, human and machine glitches, malfunctions and errors are inevitable. However, not efficiently dealing with problems as they arise could lead to a tarnished reputation, loss of business for vendors, and in some instances even ethical violations and sanctions, according to a panel on e-discovery ethics held last Friday at Proskauer Rose’s 11 Times Square office in New York.
The panel, “Ethical Forks in the Yellow Brick Road: Lions, Tigers, Bears and the Search for E-Discovery Wizards,” was part of the ABA’s “8th Annual National Institute on E-Discovery” and moderated by John Barkett, partner at Shook, Hardy & Bacon. “We’ve all had [e-discovery] cases that have gone south on us,” said panelist Cecil A. Lynn, director of e-discovery and technology at eBay Inc.
During the presentation panelists put various ABA rules under a microscope to see how they apply to e-discovery, including rules 1.1 (competence), 1.6 (confidentiality) and 5.1 and 5.3 (supervising lawyers and non-lawyers, respectively).
Other topics broached during the discussion were certifications, reading the fine print in vendor contracts and best practices for surviving a technological meltdown.
When putting sensitive client litigation information on a cloud provider it’s important to verify vendor certificates (e.g., SSAE 16 and ISO 27001), according to panelist Mathew Gillis, VP and managing director of litigation tools and professional services at LexisNexis. An outside auditor, according to Gillis, should conduct penetration tests regularly. Having these credentials is a good indicator that a vendor will meet “ethical obligations” and that their processes are “up to snuff according to an objective standard,” Gillis said.
To help avoid a catastrophe, service level agreements need to be examined with a fine-tooth comb before data is transferred, according to Gillis. In some instances clients are charged large sums of money to retain data after litigation, he said. Contracts should specifically explain how data is to be handled, archived, returned or destroyed at the end of a case, Gillis said.
Audience member Megan Jones of Hausfeld commented that many boilerplate vendor contracts have clauses in six-point font that require clients to buy back their own data.
DEVILS IN DETAILS
“In a vendor contract, the devil is in the details,” said Jones.
Due diligence is crucial at the contract stage, said eBay’s Lynn. Lynn said he’s eager to get on a call with outside counsel and a potential vendor to discuss contract details to avoid an overlooked stipulation (e.g., data can be destroyed at the end of a case if the bill isn’t paid).
The most important vendor attribute, Lynn said, is having a backup plan in case of a data disaster (e.g., a system shutdown due to outdated tech). If a contingency plan does not exist, Lynn said he’ll take his business elsewhere. It’s also impetrative to know where data is being hosted down to the street address, as well as where redundancy is located, Lynn said.
A secondary data center should be located at a considerable distance from its primary in case of a natural disaster, according to LexisNexis’ Gillis.
No comments:
Post a Comment