eDiscovery
by Gerald Trites,FCA

The discovery process has long been an essential element of civil proceedings in the courts. It involves presentations of both sides to an action of the evidence they plan to introduce into court prior to the commencement of the court proceedings. Generally, evidence that has not been disclosed in discovery hearings cannot be presented in court.

Recent years have seen a huge increase in the volume of evidence coming out of information systems in electronic form. This phenomenon has raised some issues that IS professionals need to consider in designing and managing their systems. While eDiscovery is essentially a legal issue, the IS professionals can get caught in the middle when being asked to find and produce the information the lawyers want. It's wise to give it some forethought before legal actions occur, consult with the lawyers, and develop a strategy for information that could be the subject of eDiscovery.

eDiscovery proceedings need to distinguish between information that is prepared manually and input and information that is developed as a result of computer processes. Original evidence is generally required. In addition, the quality of the information needs to be considered, and that would include the existence of controls to ensure that the information is not altered in an unauthorized manner. So security and control becomes a very important part of the eDiscovery process. IS professionals could be called into court to testify as to the adequacy of the controls to preserve the integrity of the evidence. Clearly, this is a matter to be thought out in advance, and with the advice of legal counsel.

The operation of systems can also be a factor in eDiscovery. For example, what data is going to be kept, in what form, and if it is slated to be destroyed or overwritten, what timing is appropriate? Data retention policies become very important as well as backup.

eDiscovery is a permanent aspect of information systems management, and appropriate policies need to be developed and incorporated in the corporate IS strategies. The June 09 issue of the ISSA Journal has a good article on the subject, which although based on US law, is helpful in understanding the issues in Canada.