Early in 2013, the international community voted to begin a new project – the development of an international standard for electronic discovery. The proposal for the international standard, referred to as “ISO/IEC 27050 - Information technology – Security techniques – Electronic discovery” (“ISO/IEC 27050”), was put forward by an American delegation to an international subcommittee of information technology and standards experts in Annapolis, France. Six months later, I participated on behalf of Canada in a boardroom in Incheon, South Korea as ISO/IEC 27050 was discussed by members of the international standards community. We decided to create a four-part 27050 standard:
- Overview and Concepts;
- Guidance for governance and management of electronic discovery;
- Code of Practice for electronic discovery; and
- ICT readiness for electronic discovery.
What is E-Discovery?
ISO/IEC 27050 aims to put in place internationally-recognized standard procedures and practices for the stages in a process commonly referred to as “e-discovery”. The stages of the e-discovery process are generally believed to include the identification, preservation, collection, processing, review, analysis and production of electronically stored information. The challenges associated with e-discovery include the huge volumes of electronic information in the possession or control of most companies, the ease with which electronic documents are duplicated, transferred and dispersed, the dynamic and changeable nature of electronic information, difficulties with respect to disposal of electronic information when desirable, and the fast pace of technological change which can render obsolete the hardware and/or software required to review electronically stored information.
Why Should You Care about an E-Discovery Standard?
There may be legitimate differences of opinion as to whether an International Standard in e-discovery is possible to achieve or even appropriate. That being said, if ISO/IEC 27050 becomes a published International Standard through recognized international protocols, it is difficult to imagine that Canadian companies and their service providers, especially those engaged in cross-border transactions, court proceedings or regulatory proceedings, will be able to ignore its guidance.
International standards are often referenced in cross-border contracts. Indeed, the raison d’être of the international standardization process is to facilitate international commerce. Further, international standards can affect judicial decision-making in Canada even where the parties did not contemplate the applicability of international standards. More particularly, courts may take into account international standards when determining whether a party’s conduct was objectively “reasonable” so as to escape liability for alleged wrongdoing. In my view, ISO/IEC 27050 may well impact Canadian courts’ views as to reasonable e-discovery conduct.
What is the Timeline for an International E-Discovery Standard?
In April, I will spend a week in Hong Kong, as the e-discovery subject matter expert to Standards Council of Canada, to negotiate and draft the working drafts for the four-part standard. It is my hope that this work will result, in two years’ time, in internationally recognized, practical best practices to help Canadians deal with the vast amounts of data they are forced to contend with when involved in litigation and regulatory investigations.