How do I build a data map for e-discovery, and what data sources do legal and IT often miss?
A data map is an inventory of where an organization’s information lives, who controls it, what formats it takes, and how long it is retained. For e-discovery, it becomes the foundation for identifying, preserving, and collecting potentially relevant electronically stored information (ESI) once litigation or an investigation is reasonably anticipated.
How to build one
Start with people and process, not just technology.
- Identify custodians and stakeholders. Interview legal, records/IG, IT, security, and key business units. The people who use a system know its quirks better than an asset register does.
- Catalog systems and repositories. For each, record the owner, location, data types, volume, formats, retention rules, and access controls.
- Capture the data lifecycle. Note how information is created, where it moves, how it is backed up, and when it is disposed of under your retention schedule.
- Document preservation mechanics. For each source, record how a legal hold is applied and whether auto-deletion can be suspended.
- Keep it current. A data map is a living document; revisit it as systems change. Cross-functional collaboration between legal and IT is widely emphasized in e-discovery guidance.
Sources teams often miss
Email and shared drives are obvious. The gaps usually appear in:
- Collaboration and chat tools — instant messaging, channels, and threaded comments.
- Ephemeral or auto-deleting messages, including disappearing-message settings on mobile apps.
- Personal devices and BYOD, plus text messages and voicemail.
- Cloud and SaaS platforms outside IT’s direct control (“shadow IT”).
- Structured databases and line-of-business applications, where relevant data is fielded, not in documents.
- Backups, archives, and legacy systems that may hold the only copy.
- Metadata, version history, and audit logs.
- Third parties and vendors holding data on your behalf.
A note on the rules
In US federal civil litigation, the Federal Rules of Civil Procedure shape preservation and production duties, including proportionality and the consequences of failing to preserve ESI. Requirements differ across state courts and other countries, so confirm the obligations for your jurisdiction and engage counsel early.
Sources & further reading
Authoritative government and non-profit references.
- Federal Rules of Civil Procedure — U.S. Courts
- The Sedona Conference publications — The Sedona Conference
How to cite this page
APA
RM University Editorial. (2026). How do I build a data map for e-discovery, and what data sources do legal and IT often miss?. Records Management University. https://www.recordsmgmt.org/questions/how-to-build-data-map-for-ediscovery/
MLA
RM University Editorial. "How do I build a data map for e-discovery, and what data sources do legal and IT often miss?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-to-build-data-map-for-ediscovery/.
Related questions
- A key custodian left the company—how do we preserve and collect their email and files after they're gone?
- An employee admitted to deleting emails relevant to a lawsuit—what do we do now?
- Are curative measures or monetary fines available when lost data can be replaced through other sources?
- Can a company be sanctioned for spoliation when an employee auto-deleted text messages or ephemeral chats?
- Can a court order cost-shifting or limit search terms when keyword searches return an unmanageable hit count?