Using eDiscovery data mapping to prevent data breaches

Data breaches are occurring more frequently and companies are searching for a way to help prevent the breach by understanding their data and organizational data flows.  One company has turned to eDiscovery software for that function.

Data inventory / Data mapping

The Memorial Sloan-Kettering Cancer Center data breach called attention to the fact that you can’t protect data from a breach if you don’t know what data your organization possesses.  This may sound simple, but many organizations do not have a good grasp on what data exists in their organization and whether that data should be protected against disclosure.  This makes it difficult to detect a breach and thus, breached data persists in the wild much longer than it could if organizations had a better understanding of the data they manage.

Alternate use of eDiscovery tools

An interesting solution, documented in Data Breach Today, is being used by Franciscan Health System (FHS) in Washington State.  FHS has started using an eDiscovery tool, typically used to gather, filter, prepare and evaluate data use in litigation, to gain a big picture on the data they have on their systems.  eDiscovery tools allow users to search across a large amount of data to find data of a specific type.  In litigation, lawyers ask, “What data is relevant to my case?” and in information security and privacy, the question is, “what sensitive data exists in my company?”  FCS and others have found another use for eDiscovery tools in the information security field.  These tools are much further along in the maturity cycle than some recently developed tools.  Some eDiscovery tools allow for data visualization such as the Attenex document mapper from FTI that shows a picture of the data in the system by using a series of circles of varying sizes connected.  The circles and connections picture the classifications and relationships between data.

There may be many in an organization that are creating content, and some sensitive information may accidentally or intentionally be included in a document.  eDiscovery software evaluates the content of files to help identify the data that may be hiding within a document, and it can be used for cyber security in addition to litigation.

Other data mapping tools

I do want to point out that there are a variety of other data mapping tools that organizations can use to get  a handle on the data they have but if you are using an eDiscovery tool with such capabilities already, try leveraging it for security as well.

In the case above, Memorial Sloan-Kettering Cancer Center had unencrypted patient information in a set of Microsoft PowerPoint slides that were available online.  What’s worse is that the information was available for six years before it was found.  An eDiscovery system could have alerted them to this data breach much sooner.

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.


  1. Yet – We refuse to go to a Franciscan facility or medical professional as they are still using social security numbers for patient ID. Also interesting that their shred bins all have keys in the locks – in case they need to retrieve something, and while sitting in a surgery prep area, one can hear private details of other patients when being interviewed by health care professional (“and you are . . .” “your date of birth is . . .” “your address is . . .” etc.

    1. Amy,

      Thanks for sharing. Those are some excellent examples of the types of things that cause breaches and you are smart to avoid places that do not protect your information. I was donating blood once and I saw they were using an insecure wireless access point to connect to the Internet. Everyone’s personal information was processed on a few laptops that were accessible by anyone with a wireless card. I left that blood drive and went to another and I wrote them to tell them that they needed to change their procedure before I would come back.

      Many colleges used to use social security numbers as student ID’s and a few still do but they have largely made a change to an identifier unique to the institution.

Leave a Reply