Where is the data? Data mapping in insolvency investigations

This article first appeared in the Autumn 2020 edition of the R3 (Associate of Business Recovery Professionals) Recovery magazine.

Imagine that IPs have been appointed as administrators of an aerospace engineering company that operates around the world. The company was financially stressed before the COVID-19 pandemic and then sales dried up. With no reasonable prospect in sight, the directors filed for administration and questions have since been raised about how the directors conducted the company’s affairs shortly before it entered administration.

So where do the office-holders start? Investigations are not a new concept for IPs and they will be familiar with collecting the company’s books and information but, as the amount, nature and location of the data available raises ever-more complex questions, office-holders must continue to adapt how they manage that investigation.

One crucial, and potentially overlooked issue is consideration of how to identify, locate and obtain the company’s documents or other information relevant to the officeholder’s role generally, and not just the company’s books. This is the aim of data mapping, a term regularly used in the electronic discovery industry and one that is of particular use in investigations. Data mapping is important as there is an increased expectation from courts, regulators and stakeholders for companies to explain where their data is. Often, officeholders will need to engage experts to assist in managing the data mapping and collection process.

Requirement to investigate

Administrators and liquidators have a duty to investigate what assets belong to the company (including potential claims against third parties including the directors) and what recoveries can be made.

They are required to carry out investigations into insolvent companies in accordance with the compliance standards set out in the Statement of Insolvency Practice 2 (SIP2). SIP2 requires that an office-holder should document, at the time, initial assessments, investigations and conclusions, including any finding that further investigation or action is not required or feasible, and also any decision to restrict the content of reports to creditors. What data was identified, collected and reviewed will be relevant. IPs should be familiar with what is referred to as data mapping in the electronic discovery industry.

What is data mapping?

Data mapping is a process of:

• identifying an individual or organisation’s data sources, which may hold documents relevant to an issue or issues; and
• understanding:

- how those data sources are stored, structured, managed and accessed;

- how those data sources and the data are used within the organisation;

- who is responsible for those data sources; and

- the applicable retention and back-up practices and policies for the data sources.

The definition above is the working definition of the data mapping project team of the Electronic Discovery Reference Model (EDRM), a US-based organisation that produces resources for electronic discovery that reflect, or become, industry best practice and are often used globally.

However, data mapping has different terms depending on the context, who you are speaking with and where you are in the world. For example, data protection officers may know of data mapping as part of their work to understand how their organisation controls and processes personal data for the purposes of regulatory compliance and best practice. When talking about data mapping it is important to be clear about what it is that you are doing and trying to achieve.

Data mapping in potential litigation

There may be specific requirements for data mapping depending on the context, in particular if there is litigation. For example, if the investigations result in court proceedings or the company finds itself involved in litigation, there may be a requirement to complete a document that records what types of data there are, where they are and whether they can be accessed.

Whether and to what extent the court requires an office-holder to engage with data mapping depends on what type of claim is made. In the opening paragraph of this article, we gave the example of the aerospace engineering company. In this example the office-holders may have some idea that there is the potential for claims under the Insolvency Act 1986 (IA86) against one of the former directors, for example, falsification of company’s books (section 209), false representations to creditors (section 211), fraudulent trading (section 213) and reviewable/antecedent transactions.

Of course, it is impossible to know in advance what claims there may be against the former directors; that is why investigations are essential. Practically, it is not possible to identify in advance which court rules will apply to any future claim and therefore what is required for data mapping.

Take for example the Disclosure Pilot Scheme, which is the set of rules governing how disclosure is given in certain types of cases. The scheme requires the parties to explain what potentially relevant sources of electronic documents exist and where they are in the ‘data mapping’ section of what is known as the disclosure review document. However, this scheme will not be relevant to all insolvencies: it does not apply to some claims, such as petitions, applications or claims without particulars of claim, but it does apply to unfair prejudice claims under section 994 of the Companies Act 2006.

Even if the court rules do not require the office-holder to engage with data mapping there remains a risk that the court or another party raises questions about the company’s documents. In fraud cases, questions may be raised about the veracity of a company’s documents and IT systems.

The result is that data mapping needs to allow the office-holder to respond to any type of claim. Clearly it is not possible to design a document that cross-references every type of procedural rule, but the data map will need to allow the office-holder to be flexible depending on what information may be required and to respond with the correct, up-to-date information promptly. In any event, data mapping helps officeholders to understand the potentially relevant data sources even if litigation never occurs.

Given the importance of understanding the potentially relevant data sources, obtaining technical knowledge from experts is often crucial.

Where does the office-holder start with data mapping?

Generally speaking the data map will be a single document that records the key information and the relevant details about the data source, date and integrity. What the data map looks like will be tailored to each case and will be regularly updated throughout its life. If possible, it should be formatted in a way so that searches and analysis can be done efficiently and effectively; if a spreadsheet is used, think of filters and pivot tables.

Preparation is critical. What information is required depends on the facts of each matter. This will determine what information is required and form the basis of what information is to be recorded in the data map. The office-holder will need to identify what they are required, and may be required, to do. In our aerospace example, the office-holders have a duty to investigate what assets belong to the aerospace company and what recoveries can be made. They may also expect detailed investigations into, and potential litigation regarding, the directors and the antecedent transactions. The relevant data for this could be held globally, across multiple sites and on an array of devices, each with their own document creation and retention policies.

Also, office-holders should be aware that documents may be located in unexpected places and formats due to changing work patterns caused by COVID-19 restrictions; the directors may have used various different video-conferencing or document collaboration systems when trying to keep operating in the changing circumstances, for example.

Preparation also allows the officeholder to determine with whom they need to speak. Bear in mind the office-holder’s broad powers to obtain information under the IA86, for example under section 235. Identifying not just who holds potentially relevant information about documentation, but also with whom it is most appropriate to speak, are important steps in ensuring that any enquiries can be made as efficiently as possible.

The data map will need to record the source of information so that there is an audit trail of who said what and when, and to allow follow-up questions if needed.

The data map needs to be designed to allow cross-referencing. The amount of detail that could be captured is likely to be considerable, so the data map will need to cross-refer to other documents for further detail.

While preparation is key, ultimately, the data map needs to be flexible and user-friendly by design. As investigations progress, new information will come to light and new trains of enquiry will be pursued. The data map will be a living document, ready to adapt to the changing requirements of a matter. It will also be relevant to the work of a variety of people who need to understand what documents are available. It has to be user-friendly so that the information it contains – reflecting the office-holder’s enquiries – can be used effectively as part of the office-holder’s work.

As a living document, the data map will reflect the work already done by IPs in investigations and. in particular, the growing complexity of identifying, collecting and reviewing data as IT systems and working practices continue to change. At whatever stage it is required, the IPs should be able to rely upon the data map to respond to the court, regulator or stakeholders’ questions about the company and the essential question ‘where is the data?’ 

The role of the forensic technology team

Steven Bain, director in the forensic technology team at FRP, explores the role of the forensic technology team in the data mapping process. Data can quickly become evidence and it is important to think about this from the outset. Can potential data sources be identified and relied upon in the future?

Specialists in forensic technology are able to ask the necessary technical questions when identifying potentially relevant data sources – such as where it is located, how it is stored and whether there is a need to act in order to preserve data that may be in line for a deletion policy – and when collecting and reviewing the data itself.

Forensic technology teams will include specialists in digital forensics and eDiscovery. Their experience in previous data mapping exercises, consulting, data collection, data processing and best practice guidelines will help to identify the necessary technical questions to ask. Often, forensic technology specialists will also require additional infrastructure and information security support, so will connect with other teams for added expertise.

Asking the right questions to identify the relevant data sources is particularly important at the outset of an appointment, so that data sources are preserved and a full chain of custody for the evidence can be demonstrated. This is vital if the evidence is required for legal proceedings and it can have a significant impact on the eventual outcome of a case.