Data mapping is the process of creating a comprehensive inventory of an organization’s data. Data maps for ediscovery generally include the following:
- What types and formats of data the organization generates, uses, and stores
- Where that data is stored
- Who is in charge of that data
- When it should be archived or deleted
Despite the name, a data map need not be a graphical representation of data. A simple list or a spreadsheet is often more useful.
Why is Data Mapping Important for Ediscovery?
Data mapping is critical for ediscovery because awareness that information exists is a predicate to any downstream ediscovery process. Simply put, an organization cannot preserve, collect, process, review, or produce information unless it is aware that it has that data. Knowing what data exists, where it is, and what custodians manage it is therefore a key first step in information governance and litigation readiness.
In order to know what data exists, organizations need to have a handle on what ESI they have stored and where. Electronically Stored Information, or ESI, is any information that is created or stored digitally. Under revisions made to the Federal Rules of Civil Procedure (FRCP) in 2006, ESI was legally defined to assist with ediscovery processes as well as to accommodate litigation pertaining to electronic records. FRCP rules state that one party may present another with a legal request for documents and/or electronically stored information – including writings, graphs, charts, photographs, sound recordings, images and other data compilations – stored in any medium.
In addition, according to Rule 26(a)(1)(A)(ii) from the FRCP, organizations are required to do some data mapping. The rule requires parties to promptly produce “a description by category and location  of all documents [and] electronically stored information” that the party has and “may use to support its claims or defenses.”
What to Consider when Data Mapping for Ediscovery
When mapping or inventorying data, organizations should consider three types of questions. First, an organization must assess what types of data it generates or uses. This involves searching for information such as:
- Hard-copy documents, handwritten notes, or printed manuals
- Emails and other forms of correspondence
- Voicemails or voice recordings
- Text messages
- Instant messages
- Conversations from collaboration or project-management applications
- Database information
- Text from websites and social media
- Photos and videos
- Data generated by connected sensors or internet of things devices
Second, the organization should determine where its data lives and where it should look for additional sources of potentially discoverable information. For example, data may be generated and stored on:
- Local laptop or desktop computers
- Internal servers or network drives
- Cloud storage accounts
- File hosting services or vendor-provided storage systems
- Local backup storage devices such as hard drives, thumb drives, backup drives, or cds
- Mobile applications
- Individually owned devices such as cell phones, tablets, laptops, and even home computers, specially—but not exclusively—if an organization uses a byod (bring-your-own-device) policy
- Websites or social media accounts
- Legacy systems or hardware devices that are no longer in active use
Finally, as an organization determines the categories of information it generates and uses and the locations where it may find relevant data, it should also assess what it needs to know about that data. This “meta-information” worth tracking on a data map might include:
- Location of Each Data Type
- Volume That is Generated of Each Data Type;
- Custodians Who Generate, Use, And Manage That Data
- Form or Format of Each Type of Data
- Record-Retention Requirements For Each Type of Data Indicating When It Can or Should Be Moved to an Archive System or Deleted Entirely
- Purpose or Use of Each Different Type of Data
Data Mapping for the Future
A data map, like a store inventory, cannot be created once and forgotten. A functional data map should be a living document that is monitored and maintained over time. Data sources change, custodians retire or switch positions, and new data streams or storage devices are added on an ongoing basis. Organizations that regularly revisit and update their data maps are prepared to answer external ediscovery or regulatory compliance document requests and can respond promptly to the threat of litigation with their own early case assessment.
Data mapping involves creating a comprehensive inventory of an organization’s potentially discoverable data. Data maps for ediscovery should generally include the types and formats of data that the organization has as well as the locations, custodians, and record-retention requirements of that data.