Data: these days, it’s everywhere you don’t want it to be—at least when it comes to eDiscovery. All the conveniences that modern technology offers us for anytime, anywhere work, collaboration, and communication can add up to trouble when it’s time to collect, review, and produce that information for litigation or investigations.

Most of us don’t know how much data we have or where it’s stored in our organizations. So, if you haven’t already created a data map for your organization, here are the places you should check—some obvious, some less so—as you start to build a data inventory.

• Email: Email is voluminous, but fortunately, it’s usually easy to collect. Most businesses use a standard platform, such as server-based or cloud-based Microsoft Exchange. Some businesses have additional email archiving applications that must be included in a data sweep.

•  Native files: Native files are files like word-processing files, spreadsheets, presentations, PDFs, and other text-based files—they’re files that your employees create aside from emails and messages. While employees may be directed to store files on your organization’s network or in a document management application, they may have also saved data to their computer’s local hard drive. Don’t forget to check it for potentially relevant documents.

• Employee devices: Regardless of whether your company has a bring-your-own-device policy, employees are probably using their personal smartphones, tablets, and laptops to conduct business—especially if they often work remotely or after normal business hours. Collecting this data can require advanced tools and savvy, given the range of potential information: text messages, voicemails, call logs, geolocation data, and other apps, including instant messaging.

• Social media: The average American has at least three active social media accounts—and they’re all a treasure trove of data to mine, from photos, to geolocation data, to private messages and chat logs. The problem is, most people don’t think of social media as potential evidence that they need to preserve, and it can disappear quickly.

• Cloud-based data: Most organizations have opted to move at least some of their data to the cloud. Google Drive, Office 365, and their associated applications are good places to start looking for responsive data, but it’s also possible—or really, fairly certain—that rogue employees are using non-sanctioned applications for work purposes. Many of them are probably using chat apps, such as Slack, which can be problematic: the free version of the app only retains the most recent 10,000 messages, and those messages add up quickly.

• Internet of Things data: Do your employees have fitness trackers, home assistants like Alexa, or internet-connected cars? If they do, and if these devices contain any potentially relevant data, you’ll have to figure out how to extract data from them for processing and review.

•  Disaster recovery data: Backup tapes compress files for storage. That means they’re difficult to access, much less search. You’ll probably need specialized tools to recover the data you need.

• Archived data: Older, inactive data sent to storage may be voluminous and thus harder to search—especially if it was generated by legacy systems that the organization no longer supports.
• Hidden data: Deleted data is never really gone. It can be incredibly difficult to find files that have been erased or fragmented in the system, but they are there—if you have the tools to recover them.

As you can see, finding all the data in your organization can be incredibly difficult—not to mention that once you find it, you have to preserve it and then collect it in a forensically sound manner. If you want to use any of this data at trial or to support an investigation, you’ll need to be prepared to establish a chain of custody for it—and to show that you haven’t tampered with its metadata.

To learn more about ways to ensure that you’re capturing every byte of data and that you’re following a defensible data collection process, get in touch.