How AI Streamlines Data Breach Review for General Counsel

As data breaches increase in frequency and severity, data protection and privacy regulations are requiring organizations to deliver reports to regulators very quickly. With data volumes regularly in the terabytes, delivering accurate reports on time can be very challenging for affected organizations. In the case of the EU’s General Data Protection Regulation, impacted organizations must report the extent of the breach within 72 hours of detection. 

When a breach occurs, the first step in the remediation process is determining how much data was compromised and what data qualifies as personally identifiable information (PII), personal health information (PHI) or other sensitive data. From a regulatory timeline standpoint, this task can be next to impossible to fulfill without automation and massive internal resources, so organizations typically outsource to a law firm or legal subject matter expert that specializes in handling data breaches.

Yet even outsourcing doesn’t necessarily address the challenges of quickly reviewing vast amounts of data, due to the lack of a comprehensive technology solution to support these efforts. Historically, outsourced service providers have built or assembled a portfolio of forensic tools combined with review technology that they were already using in their e-discovery practices. The resulting patchwork solution requires strenuous manual efforts, a vast number of employees, and workarounds to achieve sufficient performance and scalability. Due to the costs, organizations have been forced to increase spending. 

As a result, there has been growing demand for better forensics tools and remediation processes that quickly identify certain classes of data, and post-breach data review services that quickly review compromised data and accurately correlate that data with specific identities. This ensures that legal professionals can craft a better breach response.

The emergence of this next-generation AI technology reflects an urgent need within legal departments for smarter, more independent methods to respond to data security incidents and data breaches. Legal teams increasingly recognize that firms and legal service providers need to deploy these AI tools to help determine if, and to what extent, a manual review is needed. The end result is an accurate picture of the security incident, who it impacted, and associated organizational jurisdiction. This helps corporations decide how to proceed with reporting and notification, and positions them to understand how many manual reviewers are needed. It saves costs, cuts down time and creates efficiencies. 

Our company recently launched an AI-powered detection and review solution specifically designed to rapidly discover PII and PHI in compromised data, and associate that information with individual subjects. It enables speedy review to meet tight regulatory deadlines and can support hundreds of manual reviewers simultaneously.

With the increasing embrace of AI and machine learning among general counsel, the industry appears ready to dramatically accelerate core legal processes, including breach review. Legal departments whose associated law firms or service providers implement this type of AI can now conduct a rapid first-pass review of a data breach and map a compliant response. In the end, this yields a more effective and less expensive process to remediate data breaches while mitigating legal risk for general counsel and their partners.