eDiscovery: Does Your Enterprise Know Where Its Data Is?

Thursday, November 1, 2007 - 01:00

Ten years ago it was important for corporate IT directors and legal teams to understand the locations of information and records, but in today's marketplace it is now a necessity. Due to an ever growing body of guidelines and rules at both the state and federal levels, corporations must now identify, hold, manage and produce potentially relevant information and records more quickly than ever. Failure to do so can result in claims of spoliation and significant sanctions.

For consistency with the terminology used in the amended Federal Rules of Civil Procedure, which became effective in December 2006, this article will refer to information and records as electronically stored information (ESI). For organizations faced with the challenges of addressing ESI, there are three crucial aspects about ESI needed to achieve eDiscovery readiness: (1) knowing the location, (2) understanding the availability or accessibility, and (3) understanding the potential relevance. Because responsibility for addressing ESI typically resides in both the legal and information technology (IT) spheres, it is paramount to have effective communication and interaction between these two groups. This article will address how legal and IT teams can work together to locate and map ESI, in order to meet obligations for both the courts and other government entities.

Often multinational organizations will have the greatest challenge when attempting to locate ESI, but the steps described here can be applied across national boundaries - so long as the applicable laws support such an approach. To begin with, an organization should consider the nature of its IT infrastructure - for example, is this infrastructure centralized, decentralized, or a hybrid? Although locating ESI can be time consuming and costly, the risk mitigation afforded by such efforts can often be priceless. As demonstrated in recent decisions affecting the preservation of ESI (In re Genetically Modified Rice Litig., 2007 WL 1655757 (E.D. Mo. June 5, 2007) ), the courts are frequently demanding corporations not only understand the formats in which ESI resides, but also its locations. Corporations are also expected to possess a defensible method of adequately collecting potentially relevant ESI. Because of the complexities associated with such efforts, it is ideal for corporations to address these issues well before a preservation order is ever issued.

Typical solutions will often involve archiving and document management systems. As information storage requirements continue to grow, corporations often look to improving their data management capabilities. Through the initiation of an enterprise content management (ECM) program, these corporations also have the opportunity to implement needed policies for the capture, storage, management, preservation, searching, and collection of electronic content. Where such policies tie into ECM, corporations can gain visibility to ESI locations.

But such approaches may be more applicable for sophisticated organizations which possess the ability to initiate, accept and enforce policies and their associated systems. But what happens when an organization is not afforded the capability to act in such a systematic fashion? There are some standard practices that can be utilized with either outside consultants or internal IT departments to still achieve effective results.

One such approach would be to utilize a data cataloging and mapping program, as summarized in the following steps: (1) form a select team of legal, technical, records, and business unit managers that can adequately determine the needs of the business and determine if an in-house or outsourced initiative would be most appropriate; (2) propose the team's recommended solution to senior management; (3) if an outsourced initiative is selected, then prepare to conduct an RFI/RFP process which will include interviews and presentations with potential providers; (4) conduct pre-planning of the initiative, including the determination of project management tasks, key contacts, and the organization's interviewees who have knowledge of enterprise ESI; (5) introduce the initiative by holding a kick-off meeting with all the stakeholders and project team members in attendance; (6) conduct interviews; (7) catalog ESI throughout the enterprise; (8) gather and/or create network topologies; (9) conduct a gap analysis of the results from steps 7 and 8 to determine if any locations were missed; (10) visit on-site and off-site storage facilities; (11) compile all the results into a single comprehensive report; (12) allow time for feedback from the team; (13) modify the report based on team feedback and then present the findings to the stakeholders, and lastly (14) prepare the final documentation and then maintain it on an ongoing basis.

Team Selection And Formation

By selecting the proper team, you are creating a strong foundation, with members each holding a vested interest in success. As you proceed through the entire process, the value of your internal team becomes increasingly evident as interviews are conducted and information is shared. Team members will typically be those people with responsibility for much of the information required. It is also common for team members to have access to details regarding present policies and procedures, network topologies, storage information and other critical details. The real challenge will reside in the effective communication of these details. Fortunately, the project creates an avenue for discussion about documentation requirements for all of the information possessed by the team members.

Senior Management Approval

The team's first task must be to create a project roadmap for use in briefing senior management, with the goal of ensuring the project gains critical organizational approval and support. Most organization-wide projects generally will not succeed without senior management playing a role in the decision making process, including their participation in interviews and project briefings.

RFI/RFP Process

The team's next task will be to clearly identify the project's goals to outside constituents. Outside parties should explain their company background and stability, quality of work, their obligations and warranties, physical security and data protection processes, quality and experience of personnel, project management capabilities, infrastructure, and any other important details pertinent to the project. Additionally, the RFI/RFP process should define a project's expectations, establish a basic framework for its success, include interviews along with a separate meeting to address responses with potential providers, and allow the team sufficient time to research the qualifications of all potential providers.

Project Management - Scope/Planning

The selected provider or your organization's staff will then need to create a communications plan, including determination of key contacts and interview schedules, as well as project scope and expectations, timelines, and clearly defined progress intervals for the project.

Kick-off Meeting

A kick-off meeting brings the team together to review the project plan and timeline, and should be limited to no more than 90-120 minutes in order to maintain a concise presentation of the key elements and tasks that will be assigned to each team member. The meeting also provides a venue for addressing any outstanding questions, setting delivery timeline expectations, and officially announcing the project engagement.


The interview process should include: (1) physical interviews and (2) collection of additional documentation. Key interviewees typically include legal IT directors, legal team members, IT directors and managers, records managers, database managers, systems administrators, help desk technicians, analysts, business unit managers, and business unit storage or technical managers. In some cases, interviewing the senior management team may make sense, based on their cross-organizational knowledge, which can also be beneficial when an organization is facing multiple discovery requests or when the project scope addresses litigation readiness as a whole. Most interviews should target policy and procedure documentation, IT infrastructure configurations, backup and archival systems, records and information management, document management, user training, storage devices, mobile devices, and other systems information. A technical oriented interview will often require 90-120 minutes whereas a non-technical interview may require just 60 minutes.

During interviews, it is often discovered that users or technical personnel may have additional documentation which could be relevant. Discussing policies, procedures and general documentation with all interviewees is a good way to help identify missing or overlooked information, such as legacy systems, destruction dates, or even sales receipts for systems that are no longer available and no one knows why.

Data Cataloging

The team's efforts can be complicated by data that is distributed across departments or network subnets. However, appliances and applications exist that can help catalog all the data and determine the locations, file types, volume, and frequency. In addition, such solutions can provide ad hoc reporting to highlight the frequency and volumes of file types most prevalent throughout the organization. Identifying the top "10" locations, file types, and the sizes of ESI provides insight into possible costs for preservation, electronic discovery processing, review and production.

Network Topologies

Network topologies should also be requested, but in the event that this information is not available or is outdated, the IT group should create network topologies and maps. Even though project planning includes the need to collect a list of the servers and computers on the network, it is still a good idea to request copies of these lists again, to help ensure you do receive the most up-to-date information.

Gap Analysis

The next step is conducting a gap analysis of the differences between steps 7 and 8 to determine if any volumes might have been missed. This can be accomplished by comparing the servers and computers identified in the lists you received in step 7 against the lists generated by the appliance or application used in step 8.

Visit On-site And Off-site Storage Facilities

The team should now determine if there is a database tracking backup tapes and/or hard copy documents stored at any on-site and off-site facilities. If off-site storage facilities are utilized, it is recommended to inventory all backup tapes and other electronic media to help assess actual volumes.

Steps 11 - 14 - Finishing Steps

Finally, the team should develop a draft report and review all the findings for accuracy. Multiple drafts will likely be generated prior to finalizing the report, which should provide a summary of the results for stakeholders as well as provide the team with an electronic document that can be maintained.

While data mapping and cataloging can be time consuming and potentially costly, the resulting documentation enables the legal and IT teams to save on time and costs in the long run. Of course, data cataloging will need to be routinely refreshed to maintain the accuracy of the documentation over time.

Although it can be a daunting task to identify all the sources of ESI for every employee, a good place to start is the network infrastructure. Even for organizations with more than 20,000 employees, data cataloging and mapping efforts can facilitate an effective electronic discovery response by addressing the most critical storage locations and helping to avoid sanctions, which often result from limited responsiveness or even relatively innocent withholding of information.

Karen A. Schuler is Vice President of Consulting at OnSite3.

Please email the author at kschuler@onss.com with questions about this article.