Every day, the volume of electronically stored information (ESI) that organizations must manage grows more staggering. In May 2021, the World Economic Forum reported that each day on Earth, humans generate:
The Forum also estimates that this already mind-blowing volume expands at an estimated compound growth rate of around 61 percent.
As in-house counsel, you’re not facing quite that scope of data, but you’re likely nonetheless dealing with an overwhelming amount—especially if your organization’s data hasn’t been managed properly. That’s why you need to create and maintain a comprehensive Information Governance data map for eDiscovery.
What is a data map?
Why your company needs a thorough data map
How to create a data map for an efficient eDiscovery process
1. Include the right people on the team
2. Ask the right questions
3. Build a data inventory
4. Track all information governance policies and procedures
5. Structure your data map
6. Maintain your data map
Manage growing data volumes with an eDiscovery solution
Download the whitepaper to learn how eDiscovery helps you easily sift through huge volumes of data and find all relevant documents for a case in a fast and cost-effective manner.
A data map is a comprehensive inventory of a company’s data and IT systems. A data map should list all of your organization’s IT systems and sources of ESI, along with pertinent details about each source. Specifically, it should include:
Given the amorphous, vast, and ever-changing nature of data—and especially with our pivot to remote work during the pandemic—you want your data map to be an adaptable inventory of your IT network. To keep it current, you’ll also want to establish a schedule for regularly reviewing and updating your data map.
What does your organization gain by creating this type of data map? Let’s turn to some of the advantages of comprehensive data mapping.
A data map can give your organization significant tactical and strategic benefits in the event of litigation, regulatory proceedings, government investigations, and internal reviews and audits.
For example, an accurate data map can save you time and effort when you’re preparing to preserve and produce data for discovery. You can use your data map to identify where potentially discoverable data is held so that a subject-matter expert can focus on those data sources during a legal investigation or regulatory compliance request. A data map will prove invaluable when you need to issue a legal hold, because it can also help you pinpoint and preserve relevant data, thereby reducing the risk of spoliation. Further, it will offer support for your position in the event that certain ESI is not reasonably accessible.
Data mapping can also help you assess your organization’s privacy and security risk profile. With a comprehensive data map, you can determine whether your company has adequate security controls, thus preventing data loss and security breaches. You’ll also be able to quantify and manage risks to your data as well as inform compliance with data privacy laws like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Additionally, a data map can help ensure that you’ve met your ethical obligations. Federal Rule of Civil Procedure 26(a)(1)(A)(ii) requires parties to share “a description by category and location … of all documents [and] electronically stored information.” More generally, comment 8 to ABA Model Rule 1.1 requires lawyers to demonstrate technological competence. Creating and maintaining a data map shows that you’ve made a reasonable, good-faith effort to document your organization’s IT systems.
Creating a clear, comprehensive data map has proved to be an efficient, cost-effective, and integral investment for a company’s information governance and eDiscovery. By taking a proactive approach, you’ll know how your organization generates and stores electronic information, how long that data is retained, and how you can best search for and retrieve that data.
These six steps will help your organization build its own data map.
Create a team that will facilitate the data-mapping process. Starting with the initial planning meetings, it is important to include team members from IT, legal, compliance, risk management, human resources, data privacy, information security, and each business unit so that your information governance protocols reflect the needs of all stakeholders within the organization.
This team must work collaboratively to break down any organizational silos so that your data map is as comprehensive as possible. This is critical to minimizing disruptions within business operations.
Corporate counsel must know how the company works so that all data sources are included in the data map. So, beginning with the business units, ask how employees create, use, and share data on a day-to-day basis.
In addition to traditional sources of information like computers and email accounts, consider other potential data sources in light of the practical ways that your company culture operates. Ask questions like these:
Using the insights gained by this questioning, the IT department should weigh in on its policies and procedures for processing, maintaining, archiving, and deleting data within your organization. Account for everything, including data archives, backup tapes, legacy software, and retired technologies.
Make sure you consider these common data types:
Check these common places where employees may store their data:
While you’re taking stock of your ESI, it’s a good practice to ensure that your organization is following its policies and procedures by deleting any data that is no longer needed. Defensible deletion is a prudent best practice for risk mitigation, ensuring that only necessary and relevant data is preserved.
You’ve probably (hopefully) already drafted and implemented an information governance policy that takes into account any federal, state, and local data retention requirements. Make sure you’ve included this detail in your data map. That way you can double-check that your organization is following its data retention schedules each time you update your data inventory.
A spreadsheet is generally the most useful way to organize a data map. Be sure to use “plain English” to describe your IT systems, their purpose, and their role so that nontechnical and nonlegal readers can understand these technical terms and concepts.
Ensure that your data map answers questions about the IT systems, including:
eDiscovery data maps are only valuable if they are up to date. Most companies regularly update and upgrade their IT systems, install new applications, and replace old hardware. That’s why it’s so important for a designated individual (likely a member of your legal team) to review your data map at designated intervals (monthly, quarterly, or annually).
A comprehensive data map for eDiscovery offers a fantastic way for corporate counsel to save money, save time, gain faster insights, build institutional knowledge, and learn to predict—and head off—problems.
Data maps are powerful tools in your information governance and eDiscovery arsenal. They can:
Of course, none of this would be possible without modern eDiscovery tools that combine automation, artificial intelligence, cloud-based deployment, and intuitive user interfaces. These tools empower corporate legal departments to understand their data well before litigation strikes.