Data Mapping – Critical Preparation for eDiscovery
I just read a fascinating article about a guy who is obsessed with the idea of preserving a “record” or what might be considered a time capsule in grand terms of who we are, not just for future generations but for eons beyond our time…for the civilizations that will replace us, or the aliens who supplant us. It’s a quixotic venture to be sure, but one has to admire his idealism.
It’s a good read about a very intelligent person, but one thing caught my eye that he’s knowledgeable of – the vast amount of data stored on the cloud today and continuing in the future is simply not sustainable for the long haul. People who are experts in this area say the “cloud” will just run out of usable space, and the owners of vast database farms will begin to indiscriminately delete information. So, how does this tie into my thought of the day about data mapping and eDiscovery?
Before a company can consider deleting data, or having it deleted for them, they must know what they have and where it resides. This seems, at least to me, a pretty basic fact of Information Governance, or IG. However, there seems to be a never-ending stream of blog posts about litigation cases lost or impaired because data could not be found or a party failed to produce data that opposing party identified; or innumerable blogs offering to help a company manage data, catalogue data, store/retrieve data…as if this is some new, revelatory process. The common reason for this recurring theme is that companies perhaps know what they should do, but for whatever reason neglect to do so. Also, companies are often overwhelmed by new data, increased demands for the data, and new ways of managing the data. Data mapping is critical in identifying those basic criteria: what do you have, where is it, what media and systems and programs are in use, and who controls them. And what seems to becoming more common is the integration, and inter-relatedness, of information within an organization. The medical industry is a prime example of this, as demonstrated in this excellent article.
Data mapping means different things to different business groups, and for sound reasons. IT sees it as system and infrastructure mapping; RIM/IG sees it as document type or category mapping down to the document or metadata level; Legal or Compliance may see it at different categorical levels, or what might be called “value levels” – where is our most important or vital or sensitive information, would be their question. And there can be other business concerns or viewpoints, but you get the picture – data mapping is not an isolated event. It is a critical business-essential process not just for litigation preparedness, but for business operations in general. But the ability or worse, the inability, to find data will be quickly and greatly magnified under the stress of litigation requirements.
With so many diverse business units involved, who then should lead the data mapping effort? To mimic the standard lawyer response: It depends. Your company must determine whether you have the resources, including personnel capability, that can dedicate a significant portion of time to the project; that the personnel have the knowledge to conduct inter-departmental data and/or structure reviews; that they have the authority to get department staff time and effort to contribute their part in information gathering; and, ultimately and most importantly, that the person in charge knows what to do with the information that has been gathered. I’m going to venture the thought that most, if not all, companies simply don’t have that luxury or flexibility in resources. This of course implies that a company is best advised to look to a qualified data service provider to come in and conduct the project; this may be your established eDiscovery vendor, or other type of service provider such as a RIM expert.
If you do not have this service team in place, you must conduct a proper due diligence of available vendors; there are many of them, and most are quite good at their work. Perhaps the differential point will be price and scope of work; a qualified vendor will work with you initially to scope out and completely understand what your objectives are, not just come in and promise the world as they see it. Your company may very likely not need the Rolls Royce vendor; but, especially if your company is a top-tier, large company, you must ensure your vendor has the bandwidth to cover all of your vast and disparate departments and locations.