Scenario

During a litigation, a large company received discovery requests that were particularly focused on the company’s electronically stored information (ESI)—e.g., email, document drafts, spreadsheets, and other material stored on the company’s computer systems. However, the company’s ESI was stored on multiple computer systems by various business units. The process of generating litigation holds and responding to the discovery requests was complicated by the company’s need to access data from numerous, disparate sources. After the ESI was produced, plaintiffs complained that the production appeared incomplete in some parts and was duplicative in others. As a result, the company’s general counsel wants to streamline the collection, review, and production of electronically stored information.  

Organizing Information by Data Mapping

A data map is an index of a company’s records and information systems. A data map can provide an easily accessible reference to determine where and how data is stored—particularly data that a company considers most valuable or most risky. For instance, when a company wishes to quickly locate information related to a customer, a data map offers a simple and comprehensive method to identify the multiple business units and information systems where such data may reside.

Benefits of Data Mapping

In addition to helping it better manage its records and information, data mapping can benefit a company in a variety of ways:  

  • More efficient document collection and review in litigation (and reduced risk of inadvertent noncompliance or underproduction);
  • Faster and more accurate litigation holds;
  • Stronger evidence that certain discovery requests are unduly burdensome or duplicative;
  • Greater accuracy and consistency in discovery disclosures and responses;
  • Enhanced management of data security, backup, and record retention policies;
  • Improved compliance with legal and regulatory obligations;
  • Improved communication and data-sharing between business units and with external service providers; and
  • Greater efficiency in business operations.

Data Mapping and Litigation

Data maps can simplify a company’s compliance with discovery obligations imposed by the Federal Rules of Civil Procedure and similar state procedural rules.  

  • Initial Disclosures. A company with sound data mapping policies will have an easier time describing, by category and location, potentially responsive documents, electronically stored information, and tangible materials.
  • Meet-and-confer. A company with a data map will be better prepared to meet and confer about discovery issues. A data map can also help to limit discovery to relevant sources and counter an opponent’s demands for information that is not reasonably accessible.
  • Avoiding sanctions for information loss. A data map showing data retention policies will aid a company with preserving and maintaining potentially responsive data.

Nuts and Bolts of Data Mapping

Designing, implementing, and maintaining a data map involves a company’s legal, IT, and records management staff. Some companies engage an outside consultant to assist in the data mapping process. At a high level, the process of building a data map should include the following steps:

  • Reviewing existing data maps. Various employees or business units may have already generated partial, ad hoc data maps for various purposes. These partial maps may be useful for obtaining an overview of a description of the data and where it is located.
  • Defining scope and level of detail. Depending on the objectives of the data map, it may not be necessary or practical to map all of a company’s data at the same level of detail. For instance, to decrease implementation and maintenance costs, a company may choose to map its most significant data systems in detail, but other systems with less granularity.
  • Identifying key sources. A data mapping team should interview legal, IT, records management and business staff in order to determine which sources of data are most frequently responsive to litigation and other requests. These identified sources can constitute the focus of the data map.
  • Gathering information about the data. A data map should reflect basic information about data sources, such as who created it, the custodian or owner of the data or system, what policies govern retention and maintenance, and how it can be preserved, collected and reviewed, if needed.
  • Understanding how data is used. It is important to understand where a company’s data is actually used and stored on a day-to-day basis. For instance, if employees regularly copy email or other documents to their local hard drives, that can be reflected on the data map. Similarly, employees may create ad hoc backups or secondary data systems that should be mapped as well. This information can be gathered through questionnaires, surveys, and face-to-face interviews with a cross-section of employees.
  • Centralizing the data map. Information should be imported into a central data map that can be easily accessed, searched, and updated. A data map can be created manually or can be created through a semi-automated process by using commercially available data management software.
  • Maintaining the data map. The company should have a plan for updating the data map to reflect changes in the underlying information. Updates should be automated to the extent possible—a data map can become ineffective if updating it relies too heavily on manual effort.

A comprehensive data map can be a valuable asset, particularly with regard to high-value or high-risk data sources. Generating a data map may require substantial time and resources in the long term, but by focusing initially on high-priority data sources, progress can be made in the short term to help reduce legal risks, decrease discovery costs, and enhance records management and data security policies.