“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. These are things we don’t know we don’t know.” – Donald Rumsfeld

“Know your data. Unknown unknowns are a no-no.” – Sherpa Software

Tangible assets are easy to define, and presumably, to find. These are the things your company owns – cash, inventory, real estate, equipment, furniture, automobiles, and intellectual property, among others. Many organizations also regard their valued employees as an asset. But there’s another, often overlooked, asset your company owns – information – your electronically stored data and the benefits you gain from it.

In order to leverage data assets to make better decisions, you need to have a thorough understanding of what data you have, where it’s located, who needs access to it, and how to retrieve it. This can take the form of information about customers, products, research and development, business practices and processes, employees, and the state of your finances. All of which may be stored on dispersed systems across your organization. Having a map or inventory of where data is stored helps you to strategically exploit this internal information in order to maximize its value.

As the cost of storage has shrunk, and with data coming from more sources, this information must be organized to make it meaningful and accessible to users. Moreover, legal requirements (HIPAA, Sarbanes-Oxley, etc.) also require confidential information be protected. Knowing what data you have isn’t just a matter of convenience – it’s a legal obligation.

Just as importantly, you need to know where your data resides.  Mapping data is an important step in understanding where your electronic information is stored, which systems create and destroy it, and who touches it day to day.  This is especially try if you’re under court order to produce documents or records due to litigation. Day by day, the data collected by your organization is growing – how will you manage it? How will you know what you have?  How quickly can you find it?  How efficiently can you produce relevant information when required? Managing vast quantities of data is an emerging profession in itself.

In cases of litigation, data mapping is particularly helpful.  You must know where all data is located, including data maintained by third party vendors for basic eDiscovery functions to be effective. In order to be in compliance with any data preservation of litigation hold orders, you need to know:

  1. What types of applications are used by your organization?
  2. Do you have a data retention policy? How is that policy enforced – automated or manually?
  3. Are any devices (laptops, tablets, smart phones) used off-premise?
  4. Is any data stored in the Cloud? Are your data retention policies enforced for data stored off-premises?

The first approach to data mapping is determining who has access to what information and where it is stored. This can be based on job function, the deployment of storage, permission levels and connectivity to information repositories among other factors.

The next step is determining which systems exist by data type and business process. Examples of electronically stored data might include, but not be limited to:

  • email,
  • databases,
  • documents,
  • financial data,
  • CRM, and
  • HR/employee records.

Often, systems may contain overlapping information (Finance/Human Resources/Accounting).

Effective information governance requires planning and forethought. Proactively understanding where data exists and who has access to it is key to retrieving relevant information when called upon to respond to eDiscovery requests or litigation hold orders. These rules apply to data stored in the cloud in addition to on-premises. If you’re storing data at a third party location, have you addressed with that vendor a legal hold or eDiscovery protocol? Waiting until you’re under court order to begin the data mapping process could delay the process resulting in fines or contempt rulings if you’re unable to produce documents in a timely manner.

In short, a modern organization’s Information Technology department needs to be about more than overseeing hardware infrastructure and software applications. It also needs to address electronic information and compliance.  Unknown unknowns are no longer acceptable. To learn more about data mapping, contact us today!