The first two steps in the Electronic Discovery Reference Model are Information Governance and Identification. To be effective in each of these steps, you will need a data map. The last thing you want is to explain to a judge after a 26(f) conference that you’re “still trying to locate and understand the data” your client has stored. They have had the entire life cycle of their business to understand it; the fact that you or your outside counsel must scramble to do it now is unlikely to help your case. Further, with the increased focus on cooperation in the discovery phase of litigation, it is important to know what you have and how to meaningfully talk about it.
A data map is a document or series of documents that identify the Electronically Stored Information (“ESI”) within your organization. A data map is not a complete and total picture of all of the ESI down to every individual file and email; rather, it is a way to identify systems, drives, and stores of data as well as who owns and is custodian of each. In order to be most valuable, a data map should capture not just the current state of ESI within an organization, but also prior iterations, including legacy systems, identification of the location and content of backups and disaster recovery systems, and the owners and developers of each. Additionally, with the rise of wearable and connected devices, knowing what is on your network beyond traditional ESI like email may become more important. ESI can be found in vehicles, wearable devices, and smartphones. It should all be identified in your map. The best way to identify all of this is through custodial interviews.
Your organization’s data map should be designed to identify many important questions about your ESI. Questions you should ask about your organization’s ESI include: What is it, how long will it be needed, who can use it, and how accessible is it. Other important questions include why are we keeping it, what are the legal and regulatory requirements about it, and how much does it cost to keep or destroy? In a later post, I will give you a checklist of the important questions required to create or update a data map by using custodial interviews.
There are some difficulties in putting together a data map, as ESI by its very nature is constantly changing and evolving. This is why it is important to regularly update a data map as new systems come online, new employees join your organization, and new initiatives are started. This can be accomplished by creating a cross-functional team which combines members of the IT and Legal departments as well as Compliance, Business, and HR departments.
In addition to identifying what ESI exists, a good data map will tell the user how extraction should be done and how difficult it would be. In the case of structured and semi-structured data, it will also identify standard reports, the location of documentation to demonstrate what data is stored within the system, and how to get data out most easily.
One of the most important reasons to have a data map is to know what can be deleted. Older systems and data that are not subject to holds, and which are not part of a contemplated hold, can often be defensibly deleted. Without knowing what is stored within your organization and where it can be found, there may be troves of outdated and unneeded data sitting around. This can cause even larger issues when litigation actually comes. Extraneous data can only be identified as extraneous when you understand what your organization has and holds already.
The sooner you start the process, the better off you are. There are several reasons for this. First, the persuasive power of having a constantly updated document, started when litigation was not contemplated, is far greater than pulling one together at the last moment. Second, when a data map already exists at the time litigation is contemplated, a meaningful and well-tailored litigation hold can result. This can save your client on storage fees and prevent the review and potential production of irrelevant and nonresponsive data, saving even more money. Finally, a data map makes it easier for outside counsel and consultants to get quickly up to speed on your matters and what sorts of ESI your client has.
Some have argued that automatically creating a data map using software is adequate for every stage before litigation is contemplated. In fact, the automated creation of a data map misses some of the more beneficial aspects of creating the map itself. Custodial interviews can put employees on notice that their ESI may be the subject of litigation or an investigation at some time and serve as a vehicle for education about corporate communications. The map itself gives department heads a sense of what ESI lives in their organizations and can give insight into the world of unauthorized “shadow” IT systems. Whether it’s ESI which lives on employee devices in a Bring Your Own Device context or databases created with Filemaker or Access, the best and easiest way to find this ESI is to ask a comprehensive set of questions and check the answers on a regular basis.
In my next piece, I will cover more specifics of what should be in the data map itself, who in the organization you should interview, and how do you use the data map once it’s created.
Finally, I will give you a sample checklist and template for your own customization and use within your organization.
Other Articles in this Series: