Data Mapping for eDiscovery:

Data mapping is the process of creating a comprehensive inventory of an organization’s data. Data maps for eDiscovery usually include: what types and formats of data the organization generates/uses/stores, where the data is stored, who is in charge of the data, and when should the data be archived or deleted. This information is best kept in a simple list or spreadsheet.

Data mapping is crucial for eDiscovery because awareness that information exists is a predicated to any downstream eDiscovery process. Organizations unable to preserve, collect, process, review, or produce information unless they are aware that they have the data. Understanding and knowing what data exists, where it is, and what custodians manage it is the first step in information governance and litigation preparedness.

When mapping data, organizations need to consider three types of questions. First, organizations must assess what types of data they use or generate. This assessment involves searching for information such as: hard copy documents, handwritten notes, printed manuals, emails, voicemails, voice recordings, text messages, instant messages, conversations from collaboration or project management applications, documents, spreadsheets, presentations, database information, text from websites and social media, photos, and data generated by internet of things (IoT) devices.

Next organizations have to determine where their dad lives and where they should look for additional sources of potentially discoverable information. Common places to search for data are: local laptops, desktop computers, internal servers, network drives, cloud storage account, file hosting services, vendor provided storage systems, hard drives, thumbs rives, backup drives, CDs, mobile applications, individually owned devices (cell phone, tablets, captions, home computers if organizations have a “bring your own device” policy), websites, social media accounts, and legacy systems or hardware devices that are no longer in active use.

Lastly, organizations should evaluate what they need to know about the data. The “meta information” that is worth tracking can include: location each data type, volume of each data type that is generated, custodians who generate/use/manage that data, form or format of each data type, record retention requirements for each data type (this should indicate when the data can or should be moved to an archive system or entirely deleted), and the purpose of each data type.

Once data mapping is created, it is never fully completed. Data maps are living documents that must be monitored, updated, and maintained. Changes in data sources, storage, custodians, etc can change over time and the map must reflect these changes. Once organizations have data mapping in place, they will always be prepared to answer any kinds of external eDiscovery or regulatory compliance document requests.


For more Tidbits & Thoughts, please click here.