Previously published in February 2012.
Keywords: data mapping, benefits, ESI
During a litigation, a large company received discovery requests that were particularly focused on the company's electronically stored information (ESI)—e.g., email, document drafts, spreadsheets, and other material stored on the company's computer systems. However, the company's ESI was stored on multiple computer systems by various business units. The process of generating litigation holds and responding to the discovery requests was complicated by the company's need to access data from numerous, disparate sources. After the ESI was produced, plaintiffs complained that the production appeared incomplete in some parts and was duplicative in others. As a result, the company's general counsel wants to streamline the collection, review, and production of electronically stored information.
Organizing Information by Data Mapping
A data map is an index of a company's records and information systems. A data map can provide an easily accessible reference to determine where and how data is stored—particularly data that a company considers most valuable or most risky. For instance, when a company wishes to quickly locate information related to a customer, a data map offers a simple and comprehensive method to identify the multiple business units and information systems where such data may reside.
Benefits of Data Mapping
In addition to helping it better manage its records and information, data mapping can benefit a company in a variety of ways:
- More efficient document collection and review in litigation (and reduced risk of inadvertent noncompliance or underproduction);
- Faster and more accurate litigation holds;
- Stronger evidence that certain discovery requests are unduly burdensome or duplicative;
- Greater accuracy and consistency in discovery disclosures and responses;
- Enhanced management of data security, backup, and record retention policies;
- Improved compliance with legal and regulatory obligations;
- Improved communication and data-sharing between business units and with external service providers; and
- Greater efficiency in business operations.
Data Mapping and Litigation
Data maps can simplify a company's compliance with discovery obligations imposed by the Federal Rules of Civil Procedure and similar state procedural rules.
- Initial Disclosures. A company with sound data mapping policies will have an easier time describing, by category and location, potentially responsive documents, electronically stored information, and tangible materials.
- Meet-and-confer. A company with a data map will be better prepared to meet and confer about discovery issues. A data map can also help to limit discovery to relevant sources and counter an opponent's demands for information that is not reasonably accessible.
- Avoiding sanctions for information loss. A data map showing data retention policies will aid a company with preserving and maintaining potentially responsive data.
Nuts and Bolts of Data Mapping
Designing, implementing, and maintaining a data map involves a company's legal, IT, and records management staff. Some companies engage an outside consultant to assist in the data mapping process. At a high level, the process of building a data map should include the following steps:
- Reviewing existing data maps. Various employees or business units may have already generated partial, ad hoc data maps for various purposes. These partial maps may be useful for obtaining an overview of a description of the data and where it is located.
- Defining scope and level of detail. Depending on the objectives of the data map, it may not be necessary or practical to map all of a company's data at the same level of detail. For instance, to decrease implementation and maintenance costs, a company may choose to map its most significant data systems in detail, but other systems with less granularity.
- Identifying key sources. A data mapping team should interview legal, IT, records management and business staff in order to determine which sources of data are most frequently responsive to litigation and other requests. These identified sources can constitute the focus of the data map.
- Gathering information about the data. A data map should reflect basic information about data sources, such as who created it, the custodian or owner of the data or system, what policies govern retention and maintenance, and how it can be preserved, collected and reviewed, if needed.
- Understanding how data is used. It is important to understand where a company's data is actually used and stored on a day-to-day basis. For instance, if employees regularly copy email or other documents to their local hard drives, that can be reflected on the data map. Similarly, employees may create ad hoc backups or secondary data systems that should be mapped as well. This information can be gathered through questionnaires, surveys, and face-to-face interviews with a cross-section of employees.
- Centralizing the data map. Information should be imported into a central data map that can be easily accessed, searched, and updated. A data map can be created manually or can be created through a semi-automated process by using commercially available data management software.
- Maintaining the data map. The company should have a plan for updating the data map to reflect changes in the underlying information. Updates should be automated to the extent possible—a data map can become ineffective if updating it relies too heavily on manual effort.
A comprehensive data map can be a valuable asset, particularly with regard to high-value or high-risk data sources. Generating a data map may require substantial time and resources in the long term, but by focusing initially on high-priority data sources, progress can be made in the short term to help reduce legal risks, decrease discovery costs, and enhance records management and data security policies.
Learn more about Mayer Brown's Electronic Discovery & Records Management practice.
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2012. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.