When a data breach takes place, notifying those affected must be done quickly, thoroughly, precisely and reliably.
The context in which we perform our data breach notification document review is that we are engaged soon after a determination has been made that there was a breach. Typically, particularly for the reviews we perform for the largest consultancies, a tool has already been selected for our use. Those tools are often litigation document review tools, such as Relativity, which may or may not be custom-built for this use. When we have input in the choice of platform, we often suggest a tool designed specifically for this purpose, namely Canopy, https://www.canopyco.io/
Once we receive an assignment, we immediately assemble our team of experienced lawyers/reviewers on the project and they work furiously, long hours, and often weekends, if required, to meet the typically very tight deadlines associated with this type of work. What makes our solution different isn’t only that our reviewers get to work immediately and work hard. Many review teams outside of the US are available immediately and many of their employees work hard, too. What makes us different is our security, both physical and data, the quality of our work, ensured through our experience, and our pricing.
We are certified as compliant with ISO data standard 27001. We have redundant personal security, including biometric access into and out of any document review room. The data we review stays in the United States, and we are granted access to it remotely. No cell phones are allowed in our document review rooms and the computers in the rooms are connected to a local area network. Other than the instance of Relativity or other platform, the reviewers do not have general access to the internet from the document review room. The computers are not hooked up to a printer and the USB ports are disabled. It is a dark environment.
People who have had their data compromised deserve, at the very least, to have all reasonable steps taken so that their data is not exposed again.
Our price point is lower than any other legal Process Outsourcing Company. Our pricing is at one charge for all lawyers, the front-line reviewers, the US lawyers who manage the review and our tech lawyer specialists. We can deliver pricing either on an hourly or per document basis. We can either include the processing and hosting piece as part of, or not as part of, our solution. Any way you slice it, our pricing is lower than others.
Who we work with.
We are one of only two review partners approved by Canopy, the tool of choice of data breach professionals. We work with Cyber security and Incident Response teams and the lawyers that manage those relationships to identify protected data that has been compromised so that the affected individuals and entities can be notified of the compromise of their information. The point of contact is an Amlaw lawyer who has a diversified team of lawyers and data and computer scientists to assist in obtaining and presenting the data as requested using the latest legal technology solutions.
Frequently Asked Questions
How does LO2 prepare their notification list different than other companies?
We use several data scientists and proprietary technology we have developed using tools such as SQL and Python to help speed up our final notification list preparation. This is in addition to our highly experienced and trained QC team; team leads and project management group who ensures that the quality is maintained throughout the notification list preparation process. We pride ourselves on having a template for notification lists but being willing to work with you on any customization which you may need for your specific client and project. The result is a list free of duplicates, which clearly points out any anomalies or unusual occurrences in the data and makes it extremely easy to meet your notification requirements with little to no work required on your end except to draft the letters which need to be sent out.
How does LO2s experience differentiate them from other data breach review teams?
Many other data breach review companies hire their teams ad hoc on an as needed basis. We have learned over the years that the best data breach reviewer is one who is a permanent employee. It may seem easy to hire someone and quickly train them to do data breach. However, this ignores the fact that the types of documents in each data breach review can be complicated and involve industry-specific terms and PII. To get the best team, you need a team that has seen many examples of different industry documents and can identify the information which needs to be captured. Because of that, our team is highly specialized and trained. Any new employee we hire is someone who has worked extensively on data breach beforehand. We also continually train our employees and run an extensive quality control process with a dedicated team and benchmarks for expected accuracy. Because of this our quality stands heads and shoulders above our competitors, because we understand that more experience and training is the best way to approach reviews.
How is LO2s customer service different than other review companies?
From the very beginning of each review our commitment is to be sure that you, as the client, feel like we have custom built the review and notification list for you. On day one we send out a template for the notification list and the protocol we follow. If the client has any changes, they want made we incorporate those changes from the beginning. This ensures the final product meets all their requirements and is easy to use. After that, on a day-to-day basis, we send out a Q&A log and status update. This helps our clients to see any documents which are out of the ordinary and to be able to determine if there is any data in those documents which need to be captured.
It also helps our clients see when the project will be completed and if there are any documents which may extend the timeframe of the production. At the end of the review, we provide not only the notification list, but also all reportable data documents which can be referenced by doc ID to the list itself. This then means that all the hosting can be ended immediately at the end of the review. This saves our clients money, because it means if they have questions, they can go directly to the documents instead of us acting as a pay wall for any questions they have as they meet their notification requirements.
Our goal is to complete the review phase and get out of the way. Our clients appreciate this, because many other companies will keep all the documents behind a pay wall going forward to earn more money. This is not our purpose. Instead, we are here to do the review and let our clients then complete their work without any friction or further pay requirements.