Unfortunately, data breach is a growing concern for any company that hosts sensitive, confidential, or otherwise protected data or personal information. You may have even experienced a security breach of your own, or at least had a serious scare. We’ve heard enough of these stories, so we decided to formalize a breach review. Ideally, with the proper security, you’ll never need it. But if you do, our data breach review workflows will help you react accordingly and notify all affected parties.
Performing the physical review of documents and data sources to identify and compile a list of individuals to be notified of a data breach can be time consuming, logistically challenging, and costly. The information within the breached population is often buried within unstructured data sets or attached to emails that must be identified, verified, and formatted into a standardized format that can be used by notification vendors and breach counsel.
Our team of experienced data breach experts has developed custom workflows to find, capture, and report on the exposed PII and/or PHI in the most efficient way to ultimately save time and money. Our workflow is broken down into the following 3 categories:
Data is securely transferred to our team by a breach coach or a forensics provider. The raw data is converted, de-duplicated, and loaded into a fully customized Relativity workspace. The data is further culled through a combination of search terms and a variety of analytic engines.
The surviving records are presented to a managed team of reviewers in one of our more than 30 secure review facilities located throughout the world. Our teams in these facilities specialize in data breach review. They remove any remaining false positive, capture the contact information for the impacted individual(s), and categorize the PII/PHI type found in a customized entity database.
Data Normalization & Report Generation
Our technical analyst team cleans up the list of extracted entities to suppress duplicates and roll up the categorization tagging for said entities. All remaining entities are exported to a series of interactive reports that provide state-level summary information for breach counsel and a single click mail-merge import file for use by the notification vendor.