Here's a continuation of my outline of the 2016 edition of Craig Ball's Electronic Discovery Workbook which I last posted about November 20, 2016.
VI. Data Mapping
A. Electronically Stored Information
As amended in 2006, the FRCP do not define ESI because of technology's tendency to outpace definitions given in the law. Generally people have a poor understanding of the ESI in their possession, custody or control. Parties have been punished by the courts for not knowing what form ESI is in; which custodians hold it; where it is stored; and whether or not it may be altered or deleted. In e-discovery, a custodian is not necessarily one with the right to grant access to data and responsibility for ensuring its security, but one with the practical ability to access ESI.
B. Data Mapping
1. The Gartner consulting firm defines Information Governance as “the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” Ball notes that it is like the Loch Ness Monster or Bigfoot - something many believe in but few have seen in the wild.
2. A data map is not like a Visio generated network diagram. Most businesses don't have an Electronic Data Discovery data map - network diagrams and RIM retention schedules are not sufficient. It is usually not a diagram, but more often a list or spreadsheet. Usually an outside electronic discovery vendor prepares the data map.
1. FRCP require parties to identify not reasonably accessible ESI, even if it does not need to be reviewed.
2. Data map better described as information inventory.
a. History of human resources.
b. History of information systems.
c. History of projects, facilities, and tools.
d. Physical sources (e.g., hard drives). May contain multiple logical sources.
e. Logical sources (e.g., a custodian's email collection.). May be on multiple physical sources.
3. Data Map Items:
3. Physical Device or medium
4. Volume in bytes
5. Number of files
6. Time span
7. Tasks the ESI is used for.
9. Data Deletion or Loss Possibilities.
D. Data Mapping Tips
1. Custodial interviews must be conducted but they are usually not reliable.
2. Amortization and depreciation schedules can provide information on what systems a company has.
3. Personally review storerooms, servers, and hard drives.
4. Balance obligation to preserve against the cost of doing so.
5. Can be barred from introducing exculpatory information if it is not quickly identified.
E. Creating a Data Map
1. Get a list of all systems. Some may be hidden, or home-grown applications.
a. Physical servers.
b. Virtual servers.
d. Externally hosted systems
2. Document System Information
a. Structured or unstructured data?
b. System dependencies
c. Business processes supported
d. Security and access controls.
e. Format of data
f. Reporting capabilities
g. Backup process
h. Is data purged?
i. Total number of users.
j. External access allowed.
k. Audit trail capabilities.
l. Confidential data.
3. List of business processes.
4. Custodians' roles and groups.
5. Organization information flow
6. Storage and Processing of Email
a. automated tools for email maps; link threads; extract metadata.
b. Users storage email archives.
7. Use of Collaboration Tools
a. SharePoint may have most data; there can be thousands of unmanaged SharePoint sites.
b. Social networking tools used?
8. Offsite Storage
a. Untracked boxes or tapes?
F. Appearance of a Data Map
1. Organized functionally or hierarchically.
2. The format of the data map must allow for it to be updated.
3. List both primary and secondary data locations.
4. Which groups have access to the data.
5. A data map administrator should control how it is modified.
6. Encourage the use of the data map for daily operations.
G. Sample Data Map
See: HTTP://craigball.com/Exercise 2_E-Discovery_Data Mapping.xls.