A data map is a structured analysis of the target company's sources of data which could be potentially relevant to a legal investigation. During an eDiscovery project, the identification stage is about gaining a complete understanding of this data map and how it relates to the organizational (org) chart. Some companies will have a data map, an org chart and specific data retention policies already prepared and in place. These practices can vary between companies and even between departments. When litigation becomes imminent, you may be in a rush to send out a legal hold to prevent intentional or unintended destruction of data. The ordering of tasks in eDiscovery is not as important. Regardless, it is a best practice to put together an accurate data map and continue to revisit it, thereby adding and removing data sources as you gain a more thorough understanding of the data and formally define the scope of the investigation.
A cookie cutter data map template will only be marginally helpful when it comes time to identify potentially relevant data sources for an eDiscovery project. You have an obligation to understand your client’s data and how it is used. You can create your own checklist to follow and audit compliance in a defensible manner. This will leave an audit log of potentially responsive material. Don’t rely on just the IT person or just the custodian or inside counsel. Take information from all of them in a logical structured manner in a data map and YOU make the call on the data map. Don’t approach your client afraid and overwhelmed before you even start. A couple dozen equipped questions will move you towards meeting your obligations and getting what you need.
How To Approach Growing Data Volumes
Data is growing rapidly and people will try to scare you into believing that your obligations are burdensome. According to the World Economic Forum, “the entire digital universe is expected to reach 44 zetabytes by 2020”. That’s equal to 44 trillion GBs. Imagine the hassle of dealing with that! eDiscovery tools will help you manage the documents you need to review. If data volume seems overwhelming before you get in the weeds, there is no need to panic. Preserve the zettabyte out of extreme caution and from there ask the custodians – what do you use?
Based the majority of recent DWR data, many clients are likely to have a narrow set of sources with potentially responsive information. For example, some firms put all contracts into a document management system (DMS) like PandaDocs. Instead of 30 sources you just have one for contracts. Furthermore, there are pro forma and transnational documents that you are obliged to preserve, but you may not have any legal need to manually review them.
In many cases, custodian interviews should reveal a specific and reasonably defined data map. For example, all the communication data could be exclusively in their email. You wouldn’t need to look anywhere else. Take a young software developer – everything is in text. Broad explanations like “in the cloud” or “on the website” still tend to have clearly defined boundaries. Even when custodians outsource certain data to the cloud or a cell phone – the scope of collection is still likely to be reasonable. These data sources are not random.
Custodian Interview Questions
There is no reason to make assumptions about potentially relevant data sources. In our eDiscovery Checklist Manifesto, we include the Initial Client Interview and Custodian Interviews as separate steps in the eDiscovery workflow. These interviews will be ongoing and involve answering some high-level questions about the potential data sources.
- What tools are used by this company to store data?
- Who are the possible custodians which could have access to relevant data?
- Which departments are involved?
- How does each custodian relate to each data source?
High Level Data Mapping Template
As you start to build your data map, first focus on a traditional, high level overview of what is typically discoverable:
- Files from Macs or PCs – text documents, spreadsheets, powerpoints, photos, videos, etc
- Email (including attachments and calendar entries): exported in a PST from gmail, outlook/office 365 or an exchange server
- Files and backups from a hard drive, thumb drive or other external storage
- Cloud storage or file shares
- Data from an internal server
Information Governance Policies
Consider if there are specific policies and procedures for how information is stored, archived and deleted
- Available data search tools
- Internal data storage and deletion policies
- Structure - How is the data available? Internet, website, local?
- Policy - De-facto rules or company policies approved by management?
- Document Management System (DMS) - How are documents named, saved and stored?
Mobile Data And Cloud Applications
Depending on the case at hand, you will best serve your client by considering a wide variety of modern forms of communication and cloud tools. For example, you are obliged to ask: do you use your cell phone? Do you use texts? If you have a work issued cell phone – is it synchronized with your computer or the cloud? If so, everything on their phone should also be captured on your computer and you may not need to collect a forensic copy of the custodian’s cell phone. You must ask questions even if you know the answer will be no. “I understand all the reasonable data sources given the case.” Document everything.
If you find that potentially relevant data exists exclusively on a custodian’s cell phone, you may have to hire an expert or pay for professional services to collect this mobile data in a forensically sound manner.
Mobile Data Checklist - (Consider implications and differences of Apple vs Android)
- Messaging Apps – Whatsapp, Facebook Messenger, Signal
- Location Data
- Meeting and Screenshare Software
- Document Management Systems
- Business Communication Tools - Slack
- Social Media
For more information on eDiscovery identification, data maps, and custodian interviews, see the Digital WarRoom Checklist Manifesto.