Mapping your data streams: know what ESI you have and where it is
How prepared is your company to respond to a litigation matter? If the thought of receiving a preservation letter in advance of a lawsuit or an investigation makes you break out in a cold sweat, we can help! We’ve identified eight key best practices to help you optimize your overall litigation readiness. First up: mapping all of your business’s data.
Inconsistent Data Management Impedes Preservation and Collection
The first stages of litigation response require preserving data that may be relevant to the matter.
But if you don’t know what electronically stored information (ESI) your business is creating or where that data is, you’re dead in the water. Too often, multiple copies of critical information exist in multiple locations, under the control of who-knows-how-many custodians. Your company may even be generating new data streams that you don’t know about, such as Slack.
Data Mapping Enables Comprehensive Preservation
A data map is a comprehensive list of locations where data resides in your organization. While some teams prefer to create sophisticated, visual data maps, a simple spreadsheet will suffice – as long as it includes a complete inventory of where data is created and stored within your organization.
Start by determining what types of data you’re creating including computers, laptops, mobile devices, email, file servers, shared network drives, local storage devices, social platforms, databases, cloud data repositories, web applications, and more.
Document where each type of information is stored. Be mindful of the many silos that may exist, from on-site servers and individual computers to cloud storage accounts. If your company has a bring-your-own-device (BYOD) policy, remember to include personal mobile devices such as phones and tablets in your data map.
Also, document your legacy data sources and data archives – for example, capture what email systems were used in the past, when the organization transitioned from one system to another, and how legacy data was either retained and/or migrated into the new system.
You’ll also want to verify who has access to each type of information and who manages it, so that you can identify the key custodians or data stewards for each different type of data and repository.
Other helpful details include the volume of data in each location, the purpose of the data, and the date ranges associated with the content.
Top Tips for Mapping Data and Managing ESI
- Identify the common data that applies to most of the matters or investigations you encounter. For the fastest return on your effort, focus on this data first, building up your business’ institutional knowledge about its own operations.
- As you scope new preservation and discovery obligations, keep track of what you learn and update your data maps to retain institutional knowledge.
- Check with other departments to see if anyone has, unbeknownst to you, adopted an application that’s generating a new data stream, such as a collaboration application like Slack or Wickr or a messaging application like Voxer or Telegram. Create — and enforce — a policy governing the use of new applications.
- Be comprehensive and thorough when preparing your data map. Don’t limit yourself to just thinking about the computers you can see in your offices: think about every application that generates data and every silo that stores it. Talk with your IT department to see if there are potentially relevant data streams you haven’t previously accounted for, like sensors, cameras, or door access devices.
- As you map data, look for opportunities to purge the ROT — redundant, obsolete, and trivial data — as well as outdated information. You shouldn’t preserve or collect unnecessary data, so get rid of it as soon as you can.
- Look for ways to leverage other information governance and cybersecurity initiatives within your organization to assess risks and identify data repositories.
- Remember that mapping your data map isn’t a one-time event that you can check off your list. Plan for routine maintenance and upkeep on your data map so it’s always current and comprehensive.
Although the data mapping process may seem daunting, it can enable your team to respond quickly and defensibility in the event of litigation or investigation.
Stay tuned for the next in our eight-part series, Corporate Litigation Readiness Best Practice #2: Refine Your Policies!