building a defensible esi data map arma greater indianapolis chapter e-discovery conference march...

Building a Defensible ESI Data MapARMA Greater Indianapolis Chapter

e-Discovery ConferenceMarch 24, 2010

John P. Collins, JD

Vice President, Consulting

The Ingersoll Firm

The Ingersoll FirmThe Ingersoll FirmOne of the nation’s leading ESI data mapping consultants 2

The Ingersoll Firm

• ESI Data Map Consulting Services– Complete ESI data mapping (soup to nuts)– Targeted ESI data mapping (e-mail, ERP, line of business, etc.)– Hourly consulting engagements– ESI data mapping workshops on-site and at locations throughout the

United States

• Information Technology (IT) education for the legal and Records Management professions

• Technology “translation” services– Work with legal and IT to help them understand one another’s issues

clearly

• E-discovery consulting services– Meet and Confer preparation– 30(b)(6) deposition preparation – Technology evaluation and selection


Outline

1. The Defensible ESI Data Map Defined2. Themes Part I3. What’s NOT an ESI Data Map (IT Does Not Have One)4. Review of an ESI Data Map5. How is an ESI Data Map Built?6. How is an ESI Data Map Maintained? Before I Answer, Let’s First

Consider How an ESI Data Map Is Used7. Ok, Now Lets Discuss How an ESI Data Map is Maintained8. Why Build an ESI Data Map?9. ESI Data Mapping Challenges10.ESI Data Mapping FAQ11.ESI Data Mapping Success Factors12.Themes Part II


The Defensible ESI Data Map Defined

• An accurate, comprehensive, and understandable inventory of an organization’s IT systems which may contain ESI potentially relevant in any legal or regulatory discovery.

– Is created using a defined methodical process.

– Is created using a process which attempts to minimize disruption to the business (especially IT)


What’s NOT a Defensible ESI Data Map (IT Does Not Have One)

• IT documentation– Network maps or topology diagrams– Spreadsheets: server inventories– Asset management system reports– Active Directory reports


Themes Part I

• Process• Reasonable good faith effort…not perfection• Comprehensive: start wide• Clarity: IT + Legal + RIM = Confusion: be clear on the question, be clear

on the answer, confirm accuracy of answer• Collaboration: can’t throw it over the fence. Also can’t talk through the

fence…need to find a mutual meeting ground • There are “dimensions” to ESI that are critical to understand

– Historical– Production Systems– Non-production Systems– IT’S ALL DISCOVERABLE– Absolutes are rare in the world of ESI (just like with paper where a

custodian could make a copy of something and put it somewhere that has no connection to where it should be, so is the case with ESI)

• Prioritize based on your organization’s legal, RIM, IT, and risk tolerance profile

• Seek balance in the level of detail gathered about IT systems


Review of an ESI Data Map


How is an ESI Data Map Built?


How is an ESI Data Map Maintained? Before I Answer, Let’s First Consider How an ESI Data Map Is Used


How is an ESI Data Map Maintained? Before I Answer, Let’s First Consider How an ESI Data Map Is Used

• The ESI data map is not meant to be a “real-time” up to the minute resource, but rather is meant to:– Bridge the gap between minimal or inaccurate understanding about the operation of the

organization’s IT infrastructure and a level of understanding that is needed in order to effectively undertake the ediscovery process. The ESI data map provides a targeted and substantial amount of information about the organization’s IT infrastructure; in some situations everything needed to be known about the IT system or systems in question may be derived just by reading pertinent sections of the ESI data map. But, in other situations, counsel will want to take the information learned from the ESI data map, and then confer with the contacts identified in the data map in order to further refine and deepen their understanding of the IT system or systems in question—or—engage in a discussion regarding specific logistics related to identifying, preserving, and collecting certain ESI.

– Take a “point-in-time” snapshot or your organization’s IT infrastructure. This is important to do as soon as possible because of the dynamic nature of organizations and their IT infrastructure (perpetual change in computer and IT systems makes it difficult to ascertain what systems and configuration options were in place at a given point in time—and is problematic because discovery is often retrospective, looking back on data created and maintained in the past.)

– The snapshot also provides a baseline so that legal can provide input on information governance retrospectively and prospectively. The snapshot will likely identify information governance gaps (differences in records retention and records management policies and how information is actually being managed on IT systems.)

• For “real-time” or up to the minute information, the ESI data map should identify either the resource (such as a particular database or system) or individual who can provide the up to the minute information (for example, how many custodians out of a list of 25 employees actually have BlackBerry devices and when did they get those devices, or, how many custodians have access to Salesforce.com and when were they granted access)

• The data map should get you 90%-or even 99% of the way there towards the information you need…but its not meant to be used as a substitute for collaborating with IT


Ok, Now Lets Discuss How an ESI Data Map is Maintained


Ok, Now Lets Discuss How an ESI Data Map is Maintained

• Ownership: someone should have ownership of the ESI data map. Ideally, someone in legal (paralegal, attorney.) If IT has ownership then it should be someone who has a direct, ongoing collaborative relationship with legal (such as an ediscovery liaison.)

• Evaluate the organization’s ESI data map variables:– Risk tolerance: how critical is the data map? Only a relatively small % of companies have

little or no risk tolerance. It’s useful to remember the “reasonable good faith” standard here.

– Litigation portfolio: how often is the data map being used? • If frequently, then by default the data map is going to be kept up to date because

frequent use ensures regular interaction with IT—which operates to help keep the data map up to date.

• If infrequently, then an update schedule should be established, such as quarterly or annual updates. The updates consist of the ESI data map owner reviewing with the IT contacts their section(s) of the data map to determine changes, additions, deletions, etc.

– IT environment: what is the nature of the organization’s IT environment? Frequent change, new technologies being implemented? Or, a mature environment with modest change.

– Business environment: what is the company’s overall business environment and structure?• Autonomous business units with independent IT infrastructure • Acquisition orientation?

• Can set up a monthly, quarterly, or annual schedule of updates• Have an annual audit of the data map conducted: an outside expert review the data map


Why Build an ESI Data Map?

• Because without exception or variance, the authorities and the legal principles underlying ediscovery suggest you should:– Case Law

• Zubulake: “…[to institute a legal hold] counsel must make certain that all sources of potentially relevant information are identified and placed on hold…to do this counsel must become fully familiar with her client’s document retention policies, as well as the client’s retention architecture. This will invariably involve speaking with information technology personnel…”

• Zubulake Revisited: “The standard of acceptable conduct is determined through experience. In the discovery context, the standards have been set by years of judicial decisions analyzing allegations of misconduct and reaching a determination as to what a party must do to meet its obligation to participate meaningfully and fairly in the discovery phase of a judicial proceeding. A failure to conform to this standard is negligent even if it results from a pure heart and an empty head.”

– FRCP • FRCP Rule 26(f) Committee Note: “When a case involves discovery of

electronically stored information the issues to be addressed during the Rule 26(f) conference depend on the nature and extent of the contemplated discovery and of the parties information systems. It may be important for the parties to discuss those systems, and accordingly important for counsel to become familiar with those systems before the conference.”



• The Sedona Conference – Comprised of lawyers, technologists, judges, paralegals, RIM

professionals and others– Arguably the leading source of secondary authority in

ediscovery – VERY influential with judiciary (The Sedona Conference

“Cooperation Proclamation” has been endorsed by almost 100 federal and state judges)

– Influential publications include:• The Sedona Principles Addressing Electronic Document

Production, Second Edition (June, 2007)• The Sedona Guidelines: Best Practice Guidelines &

Commentary for Managing Information & Records in the Electronic Age



• Electronic Discovery Reference Model (EDRM): widely recognized and used description of the e-discovery process – EDRM, Preservation:

• “In order to preserve documents, it is important to know where they reside. Work with the IT group to develop a map of the locations of various types of data which might be relevant to litigation or a regulatory investigation.”

• “…ultimately, it is the legal counsel protecting the client’s interests who must learn the most about the client’s IT architecture, policies, personnel, and culture…a successful preservation plan will be nearly impossible if legal counsel is not fully aware of all the places in the client’s electronic world where relevant material may be stashed.”


Why Build an ESI Data Map?• Leading E-discovery Experts

– Ralph Losey• “Since most of the evidence today is digital, litigators must not only understand the

law, and the facts of dispute, but also the parties’ computer systems and data retention practices. Without this understanding they will be unable to preserve or discover the evidence they need to prosecute or defend a case.” e-Discovery Current Trends and Cases, ABA 2008

– Craig Ball • “Prior to a Rule 26(f) conference, the parties need to identify the sources of

electronically stored information. That entails much more than, “We use computers.” Identification of ESI is more than just a head count of machines, backup tapes, custodians, network storage areas and thumb drives. Certainly, it's important to have a current inventory, but identification of potentially responsive sources of ESI goes deeper. Moreover, it’s not a one-sided responsibility. Virtually everyone uses computers and holds some electronic evidence. The parties should be prepared to speak knowledgeably and specifically about the nature and extent of potentially relevant ESI.” Musings on Meet and Confer by Craig Ball

• Leading IT Advisors– Gartner (leading and influential Information Technology analysts)

• “The long-term trend that emerges from this panel is the fact that the legal community is under an obligation to learn about the IT infrastructure, topology and architecture of the organizations they represent.” Gartner RAS Core Research Note G00148170, John Bace, 20 April 2007 R2283 07262007; available at www.h5technologies.com/pdf/gartner0607.pdf

http://www.h5technologies.com/pdf/gartner0607.pdf



• It is the foundation for RIM and e-discovery processes– How can an organization place a litigation hold on ESI if it does

not know where that ESI is, how it is stored, and who is responsible for the mechanics of executing the hold?

– If you rely on IT to “tell you” or “volunteer” where ESI is you run a risk of spoliation or an adverse inference instruction because, in general, IT will not tell you all the places where a discreet set of ESI may reside.



• 26(f) Meet & Confer Conference– Reduces risk there won’t be enough time to adequately prepare– It takes time to understand an organization’s IT infrastructure—

a single conversation with a single person is (except in the smallest organizations) not going to be sufficient

– To understand an organization’s IT systems will likely require multiple conversations with multiple individuals or even groups of individuals• Working through the logistics and identifying the correct

people takes time and effort


Information Disconnect

• Examples:

– E-mail Archiving Solution– Change in Records Management Policy


RIM, Privacy, Legal and Data Map Connection

• True Benefit of Data Map to RIM:

– Opens the Lines of Communication between the Departments



• Reduce risk of spoliation or missing key ESI• Reduced costs in preservation, collection, review, and production

stages of EDRM model• More effective preservation and legal hold because of specific

factual knowledge about where ESI resides, the scope of such ESI (what has been purged), who can stop the purging of certain ESI, who can assist with preservation actions.

• Provides some of the factual background required to make cost shifting or “not reasonably accessible arguments” because the ESI data map will identify to what degree—if any—ESI sources may require an inordinate level of IT investment to preserve, collect, process, and produce (such as a legacy invoicing system no longer in production use but kept around so the sales group can see what a customer purchased at a point in time beyond what is maintained in the current system.)



• Eliminates disconnect between IT and legal/RIM• Realize IT cost savings by eliminating redundant or no longer used software and

consolidating computer hardware• Grassroots education of IT about legal issues, information governance principles,

and RIM• Education of legal and RIM about the nature and scope of the organization’s IT

systems• Eliminates re-inventing of the wheel each time there is a new ediscovery matter:

the ESI data is a single point of reference that is an accurate and comprehensive snapshot of the organization’s IT systems.

• Consistency: because an ESI data map is prepared on an enterprise-wide basis using a methodical process, the information in the data map is more accurate and more comprehensive than information obtained in response to a particular matter. For example, an employment matter may focus on e-mail and HR systems, so counsel spends most of their time interviewing IT about those systems; secondary sources such as file shares or SharePoint may receive only cursory investigation. The ESI data map treats sources within the same tier the same, and gathers the level of detail needed to ensure counsel has all the facts at their disposal. – Furthermore, the ESI data mapping process is designed to address conflicting

representations made by IT staff about how systems are operated; it is not unusual to ask two different IT staff about the same system and to get varying answers about the nature and scope of ESI contained on the system.



• Policy versus reality gap closure: reduces an opposing party’s ability to exploit disconnect between what written policies say SHOULD be occurring on IT systems and what is REALLY happening because the ESI data map will identify those instances where records retention policies state one thing—and how the data is being managed on the IT systems is completely different

• Enables counsel to negotiate a narrower scope of discovery by taking the initiative because they have rock-solid confidence that their knowledge of the IT infrastructure is accurate and comprehensive

• Avoid agreeing to unrealistic discovery requests by understanding that certain requests would require excessive costs or heroic efforts


ESI Data Mapping Challenges



• Overcoming the (usually) mistaken belief that this type of documentation already exists

• Decision to move forward with a data mapping project often takes a long time: one, two, three years

• It’s putting together a difficult jigsaw puzzle without a picture of the completed puzzle AND with many of the pieces missing

• IT staff lacking immediate knowledge about key IT system configuration settings

• IT staff lacking historical knowledge about IT systems• Slow response from IT regarding:

– Providing current copies of IT documentation – Setting up meetings for the ESI data map project– Responding to follow up questions



• Legal is “afraid” of IT• IT doesn’t “like” legal or understand legal process

– IT and legal each have their own terminology and cultures that are significantly different from one another

– IT not typically aware all data is subject to discovery (and not just production data)

– IT not typically conversant with evidentiary principles such as• Authentication of evidence• Production format

• Office politics: one department may not appreciate another department’s telling them how to run their department or what to do…or frankly, sticking their nose into their business

• IT processes are not documented per se (custom, tradition, Standard Operating Procedures as “tribal knowledge” versus reduced to a written document)



• Achieving an appropriate level of detail versus generality

– There are some areas where a relatively high level of detail is warranted, for example, how file shares are provisioned to users

• Home Directories

• Departmental Shares

• Public Shares

• Folder Redirection enabled?

– There are some details that are not essential to include in the ESI data map, such as:

• How large each partition is on a file server’s disk drive

• Whether or not each disk is configured as a basic or dynamic disk

– One of the reasons this is challenging is because almost all information that could be gathered might be helpful at some point—so it becomes an exercise in prioritization.


The Legal Flux Capacitor Paradox


The Legal Flux Capacitor Paradox

• The “Legal Flux Capacitor Paradox:” IT systems are a black box and its not clear at to many lawyers how it all works (e-mail, file shares, SharePoint, TCP/IP, etc.).

• However, because “its computers” IT should be able to do a search and find everything. Right? Like Google.

• The effect of the Legal Flux Capacitor Paradox:– A dampening of enthusiasm to champion or sponsor an ESI data

mapping project– It shouldn’t be that difficult to pull something together– IT probably already as some or most of this information laying

around– We haven’t had much e-discovery or litigation so its probably not

something we need to do– IT is “putting some stuff together for us”


ESI Data Map FAQ

• Can we use existing systems or documents as an ESI data map?– Asset Management Systems, software licensing compliance

software or processes, IT audit, SOX, help desk software, etc.• Is an ESI data map privileged?

– No case law as of yet– Data map shows the sources of ESI, which is discoverable

information– There may be an argument that the ESI data map is shielded

by attorney-work product doctrine if done through counsel…probably would not be successful

– Overbroad for production--30(b)(6) as an alternative


ESI Data Map FAQ

• How long does it take to create an ESI data map?• Where does an ESI data map fit in the e-discovery process

(EDRM)?


ESI Data Map FAQ

• What resources are needed from IT (and the business) to build an ESI data map?– Documentation and information about the business structure (offices, facilities,

acquired companies, etc.)– Organization Charts– IT documentation

• Network topologies• Hardware inventories (servers, PC’s, storage networks, etc.)• Software application inventories• WAN, LAN diagrams

– IT staff commitment to the project– IT staff’s time—and energy

• time to assemble—or create--documentation• time for meetings• time to review questionnaires, worksheets, and other documents• time to research answers to questions• time to review information gathered for the project• ongoing commitment to keep legal and RIM in the loop on IT environment

changes (acquisitions, dispositions, significant upgrades, etc.)


ESI Data Map FAQ

• What does it cost to build an ESI data map?– It depends on several factors, including:

• How centralized or decentralized is an organization’s IT infrastructure: more centralized generally = lower cost

• Types of IT systems that are of interest: – Off-the shelf = lower cost– Customization = higher cost

• IT knowledge level– Detailed knowledge that is readily accessible = lower

cost• Size of the company and scope of operations• Litigation portfolio

• What about data mapping software?


ESI Data Map FAQ

• Do I need to hire an outside consultant or law firm to build an ESI data map?– Something is better than nothing, so doing something in-house

even without data mapping expertise is “likely” beneficial– Single most critical question to ask: do we have the legal/RIM

and IT expertise internally to do it? • Ideally there is a single or multiple individuals who have the

blend of legal/RIM and IT expertise• If there is no single individual then you will need to bring the

two types of expertise together in a team approach, and that team will need to live in each other’s world and collaborate closely and intensely for the duration of the project


ESI Data Mapping Success Factors

• Executive sponsorship from the highest level of the organization (Board of Directors, Chairman, CEO—the higher the better)

• Project champions: one in legal/RIM, and one in IT• Complete and unconditional support of the highest ranking IT

executive (CIO, VP of Information Systems)• Legal and IT expertise• Clear communication with IT as to what their involvement will entail• Project management expertise: the ESI data mapping project

should ideally proceed on multiple tracks—this allows the project to move forward but without an overwhelming amount of disruption to IT

• A clear sense of what constitutes a “reasonable good faith effort”• Recognition by legal and IT that Humphrey Bogart was right on targ

et…


“…I think this is the beginning of a beautiful friendship." Rick in Casablanca


Themes Part II

• Process• Reasonable good faith effort…not perfection• Comprehensive: start wide• Clarity: IT + Legal + RIM = Confusion: be clear on the question, be clear

on the answer, confirm accuracy of answer• Collaboration: can’t throw it over the fence. Also can’t talk through the

fence…need to find a mutual meeting ground • There are “dimensions” to ESI that are critical to understand

– Historical– Production Systems– Non-production Systems– IT’S ALL DISCOVERABLE– Absolutes are rare in the world of ESI (just like with paper where a

custodian could make a copy of something and put it somewhere that has no connection to where it should be, so is the case with ESI)

• Prioritize based on your organization’s legal, RIM, IT, and risk tolerance profile

• Seek balance in the level of detail gathered about IT systems

building a defensible esi data map arma greater indianapolis chapter e-discovery conference march...

Documents

esi data map slide

world of esi

data mapping faq

data mapping challenges

data mapping success

selection slide

legal rim

organizations legal