Français
 
 Data Mapping - The Good, The Bad and The Ugly
Minimize

Data mapping is a critical and common aspect of the eDiscovery electronic data ‘Identification’ process. In a nutshell, a data map is a high-level description of the types and locations of documents and information produced and stored by an organization. Data maps greatly simplify the processes of preservation and collection for a legal team involved in litigation. That’s the good part.

The bad part is the amount of time, effort and money that may be required to get the job done. And the ugly bit is the effort that will be needed to keep the data map current in perpetuum, to address the needs of future litigations, should your organization choose to adopt this approach to data mapping.

The U.S. Federal Rules of Civil Procedure Rule 26(a)(1)(A) mandates that each party must provide “a copy – or a description by category and location – of all documents (or) electronically stored information”. The same rule, in paragraph (f), specifies that the parties meet within 99 days of the onset of litigation to plan eDiscovery. Since a list (or data map) is much easier to produce than actual ‘copies’, data maps are now the norm in U.S. litigation. At the same time, 99 days is usually not enough time to research and create an accurate data map for a large organization; this requirement tends to drive the creation of data maps on a litigation readiness basis for these organizations, rather than as a reaction to a specific law suit. 

In Canada we have no such rule, although the Discovery Plan requirement of Rule 29.1.03(2) of the Ontario Rules of Civil Procedure mandates agreement on eDiscovery “before the earlier of (a) 60 days after the close of pleadings...and (b) attempting to obtain evidence” (unless another agreement is reached between the parties). While there is no specific reference to a data map, the extremely tight time frame and associated need to define and issue a legal hold make creation of an organizational data map one of the highest priorities for an organization’s legal team in a case potentially relying on electronic data.

So what’s involved in creating a data map? The answer is...it depends. There are actually two distinct approaches to data mapping, more or less dependant on the litigation profile of the organization. 

Dynamic Data Maps

The approach currently embraced by most major multinational companies that are routinely involved in litigation is the creation of an all-encompassing organizational data map supported ad infinitum by dedicated resources, which we at H&A have coined as a “Dynamic Data Map.” Dynamic data maps enable an organization to quickly and efficiently respond to new litigation holds and data requests with minimum disruption to the organization’s business. The downsides to this approach are cost and degree of difficulty.

In the words of Bruce Philips, Vice President, Information Security at Fortune 500 Fidelity National Financial , (dynamic) “data mapping is not for the faint of heart” i . Like any major initiative in a large, multi-location firm, getting buy-in, and funding for, a data mapping project can be almost as difficult as the technical execution. In Fidelity National Financial’s case, several factors common to other financial service and insurance firms further complicated matters. A recent acquisition meant that no one in the organization had a good handle on all of the information systems the firm used, and who ‘owned’ each system. In addition, the company operates in a regulated industry which requires retention of a great deal of paper, and of legacy systems to manage this paper.

While driven by the legal requirement to respond quickly to discovery requests, Fidelity National Financial found that a data mapping project that outlined the entire corporate structure, as well as reporting relationships, and identified specific custodians and their managers, held great potential value for both their IT and Business Continuity groups. In fact, inclusion of these groups proved to be essential to making this two-and-a-half year project feasible. “If you don’t have multiple constituents, don’t try it. That’s my advice to anyone,” says Philips. He goes on to say, “The hardest sell is IT because...it’s electronic data. So who is going to be hardest hit in maintaining and upgrading the data map? You have to find the benefit for IT.” 

Mr. Philip’s comments are echoed by Ganesh Vednere, a content and records management consultant with Capgemini Financial Services, in an article for AIIM; he is surprised to see that completed data maps are often relegated to legal instead of being widely used by all departmentsii . Vednere suggests that data maps “can be used for everything from IT portfolio rationalization to IT asset management and business process improvement” and that it is “incumbent on the data map team to undertake...to publicize, communicate and demonstrate how it can be and is useful to various cross functions within the organization.” 

Case-Specific Data Maps

Unfortunately, skipping the data mapping phase or embarking on a two-year project are not options for most businesses which are faced with pending litigation. This is where the second type of data map comes into play – the case-specific data map. This approach to data mapping is far more pragmatic in nature and is probably more suitable for an organization with limited resources and a low likelihood of future or multiple litigations over which to allocate the costs of dynamic data mapping. A case-specific data map focuses on the informational custodians and repositories that are deemed to be most potentially relevant to the case at hand, rather than mapping the entire organization in depth.

In Ontario, litigation holds and discovery plans routinely rely on data maps to limit the potential scope of data retention and discovery. Of little or no value is a superficial data map that does not reflect the organization’s actual data retention structure. It is vitally important, therefore, to put maximum effort into the construction of a case-specific data map, should an organization choose to adopt this approach to data mapping. 

Components of an ESI Data Map

At this point, we should acknowledge that the term “data map” is a misnomer; very few data maps are formatted as diagrams. Instead, a data map typically takes the form of series of lists and charts, often in Microsoft Excel or even Word, which may contain links to various levels of sub-lists. The complexity of the overall ‘map’ will normally correspond to the size and scope of the organization and its IT system configuration and/or history.

A typical ESI Data Map will include the following components:

  1. A high-level, software independent catalogue of type of ESI that the organization produces, such as reports, documents, emails, schedules, plans, etc.
  2. An identification of all structured, semi-structured and unstructured ESI that contains business records.
  3. A listing of who manages the various types of information (this may be subdivided into departments, if it makes logical sense).
  4. A list of the IT and business unit managers most likely to be responsible for the systems and information that store relevant ESI.
  5. Related ESI Policies, such as document retention, backup, and acceptable use policies, as well as the name, title and contact information of the person or people responsible for enforcing these policies.
  6. An evaluation of the accessibility of the various types of information, with the goal of identifying sources of ESI that may be too difficult or costly to access, in order to support claims that data is not readily accessible.


Building an ESI Data Map

So where do you start? Consultant Craig Ball counsels that where matters less than "when and with whom"iii; in other words, just start. It will help, however, if you prioritize your efforts by first identifying and analyzing the data stores and systems regularly accessed by the key custodians you have identified as critical to the issues at hand.

The steps normally involved in building a case-specific ESI data map are as follows.

  1. Obtain buy-in from senior management – this can be critical, particularly in the case of large companies and correspondingly time-consuming data mapping challenges.
  2. Meet with the entire case legal team (which may include In-house Counsel, External Counsel, eDiscovery experts, IT representatives, Information Security representatives, Compliance officer, Records Manager, etc.) to:
    1. define the current litigation environment, processes, objectives and implementation issues;
    2. define the scope of the Data Map in terms of case requirements;
    3. define the project scope in terms of systems, structured data, unstructured data and various media to provide a clear direction for the data collection and interview processes; and
    4. specify the level of detail required to suit the requirements of the various parties involved. Note that the level of detail should be adjusted for different parts of the data map, based on the primary areas of risk. For example, the level of detail shown for email system may be much greater than the level of detail for enterprise database systems if the litigation primarily involves communications between individuals.
  3. Conduct interviews with key personnel.
  4. Interview IT and business unit representatives to understand and validate all potential sources of data.
  5. Prepare a draft data map report.
  6. Review the draft report, adjust levels of detail and scope as required, and produce the final data map report.
  7. Present the data map report to senior management and all members of the case legal team.

Summary

Whether your organization is embracing data mapping on a dynamic or case-specific basis, the negative aspects of our “Good, Bad and Ugly” analogy shouldn’t really be looked at as negative, just the price of doing business. The “good” benefits of both dynamic and case-specific data mapping projects will almost always outweigh the “bad” costs of each project, as long as the data mapping is conducted with a strong project management orientation. And for litigious companies or industries, the “ugly” short-term-pain for long-term-gain costs of their dynamic data mapping processes will ultimately pay off in a number of different ways for their organization. At H&A eDiscovery, we have experience with data mapping projects of all shapes and sizes. Should your organization need data mapping assistance in response to pending litigation or in the broader context of a dynamic litigation readiness project, please call Oleh Hrycko at 416-233-5577 for a no-charge consultation.

i.        Data Mapping: How to Make It Work. Interview with Bruce Philips, Vice President, Information Security Manager at Fidelity National Financial by Jane Goodchild, Senior Editor, CSOonline, August 11, 2009. http://www.csoonline.com/article/499439/data-mapping-how-to-make-it-work

ii.     The Quest for eDiscovery: Creating a Data Map. Ganesh Vednere, AIIM Infonomics Website - November/December 2009. http://www.aiim.org/infonomics/quest-for-ediscovery-creating-data-map.aspx

ii.     Craig Ball, in his blog site, Ball In Your Court. September 23, 2011. http://ballinyourcourt.wordpress.com/2011/09/23/

 

 

 

Print  

The Impact of Similar-Document Review Technology

Using technology to group similar-documents and code them in the same manner, rather than reviewing and coding them individually, can save significant document review time.   More

H&A eDiscovery Releases 2nd Edition of ’Electronic Discovery in Canada’ Book

Electronic Discovery in Canada provides introductions to the unique characteristics of electronic data and to current Canadian eDiscovery practice directions.   More
 
H&A Forensics
Copyright 2009 by H&A eDiscovery