Registration is now open for KMWorld 2019. Register now to join us Nov 4 - 7 in Washington, D.C.

Nine Tips for Developing a Data Map

This article is part of the Best Practices White Paper Records Management & Regulatory Compliance [November/December 2008]

In the maze of modern electronic discovery through which in-house counsel and IT departments must travel, data maps offer much needed direction. A data map, as the name implies, is a representation of where a corporation’s data is stored across all of its various repositories—from email inboxes to archived tape storage.

While much of the e-discovery focus is on cutting costs with tools such as Attenex Patterns, data maps can also help to reduce costs and provide strategic advantage, such as enabling teams to place or lift litigation holds or reduce the potential exposure to sanctions. In fact, data maps can empower legal teams to better negotiate with opposing counsel or judges in limiting production based on the burdensome or costly nature of accessing certain types of electronically stored information (ESI). This level of preparation could even force the requesting party to pay for its access.

So how can companies get started developing their own data map? Here are nine tips from a lawyer experienced in e-discovery:

1. Start now. Federal judges are becoming more highly attuned to issues associated with ESI as a consequence of changes to the Federal Rules of Civil Procedure (FRCP) and coordinated efforts to educate the bar and the bench about ESI, including the Sedona Conference Working Group on Best Practices for Electronic Document Retention and Production. There is little patience on the bench for outside counsel or litigants who cannot comply with now established rules, and no one wants to be made an example of non-compliance.

2. Diversify the mapmaking team. Before reviewing a single line of data, create an internal team that includes representatives from the general counsel’s office, records, IT, human resources, finance and accounting. The latter individual(s) will have numbers related to potential damages, as well as compliance information for Sarbanes-Oxley and other regulatory compliance regimes.

This entire team must understand the internal records retention policy and have the ability to modify it as necessary. This should include an appreciation for the computer systems, type of email program (e.g., Lotus Notes or Outlook), the location of the servers, the timing of destruction and backup tape or server protocols (e.g., storage locations and business units to which they relate).

3. Document the software and systems. They should incorporate records and content management software, as well as the storage platforms on which data is housed. Cartographers should apply a similar practice to file and email servers, PCs and laptops, portable drives, PDAs and even cellular phones, if that level of granularity is practical and desired.

4. Compare retention policies with retention practices. Map guides should highlight discrepancies between reality and procedure, and then suggest options for bringing the two into compliance. Since mapping is effectively the creation of a catalog, the contents will be unique to each specific organization. As such, no single standard can satisfy all operations and customization is necessary.

5. Describe records by business unit. As the complexity of a particular map grows, the clarity in its component parts will be essential. Accordingly, those that describe material by the area in which they were made and are kept will make collection and review much easier.

6. Define the need. For each item, determine whether there is an existing legal, business or other reason to maintain certain records. If not, add them to a uniform data destruction plan. Take caution, however, as certain organizations may need to maintain particular contracts through the term of any applicable statute of limitation, or have other fact-specific retention needs. This will often require weighing the advantages of uniformity over document-specific retention.

7. Assess accessibility. Under the FRCP’s two-tiered standard for production of data based on its relative accessibility, a party may not have to produce information that is not reasonably accessible due to the source, such as that found in backup tapes or maintained in legacy programs on older systems, because of upgrades.

For less active data, document the costs associated with accessing this type of information including restoration and any necessary equipment purchases. If deleted material may be relevant to litigation, perform the same calculation for deleted material that can potentially be restored. Determine whether the company uses file-recovery programs that hide deleted files or retain them outside specified arrangements. Log files and Internet histories may contain valuable legacy data and metadata. This could be a source for negotiation and offer some leverage in discussions with opposing counsel.

8. Customize the format. The map itself can be a simple list, a graphical depiction, or a combination of both. The format depends on the complexity of the material at issue. Graphical depictions may include a narrative for ease of reference. The only caveat is to avoid complex data maps, which confuse the reviewer. It must be comprehensive enough to educate outside counsel on internal issues, but simple enough to persuade a judge to make a certain ruling. Judges are now fluently speaking this language at the federal level and states are starting to rely on federal precedent and develop their own as well.

9. Keep the data map updated. If there is a change in the focus or control of the business, the data map should immediately reflect this development. It needs to be dynamic and updated regularly. If one hands an adversary a data map based on a 10-year-old record retention policy, there are certain to be questions about the validity of claims related to the availability of documentation.

Search KMWorld