Personal data breaches are increasingly frequent and making front pages news. As a result, eDiscovery document review solutions are no longer just being applied to litigation matter, but are now also being used by cyber-security teams to comply with data breach notification requirements.
Under state, federal and international privacy laws and regulations, such as GDPR, FERPA, PCI, HIPAA etc., when a company has experienced a data breach, they are required to investigate what specific data was compromised and to notify the affected individuals. These privacy laws and regulations not only have specific deadlines as to when affected individuals must be notified, they also have serious penalties for failing to provide notification within the required time.
Accordingly, to comply with these strict legal requirements, cyber-security incident response teams are now applying eDiscovery document review solutions as the quickest and most affordable approach to combing through massive amounts of documents to determine whose data has been breached.
For example, traditional eDiscovery processing and analytics tools such as de-duplication, near de-duplication and email threading tools are being used to eliminate duplicates and limit false positives. Additionally, pattern recognition tools are being used to quickly identify documents with recognizable patterns, such as social security numbers, employee identifiers, phone numbers, etc. Similarly, Technology Assisted Review (TAR) tools are being used to prioritize documents for the review team.
Once the impacted data has been culled and prioritized, cybersecurity teams have also been adopting from their eDiscovery counterparts the engagement of offshore document review teams as a quick and cost-effective solution to analyze and review the data for notification compliance.
Thus, in today’s digital age where data breaches are becoming more and more prevalent, eDiscovery document solutions are increasingly being adopted by cyber-security incident response service providers as the best strategy for rapidly addressing data breaches noticing and assessment requirements.
Ben Friedman, JD is LO2’s Vice President of Client Development, please feel free to reach out to Ben with any questions or comments you might have. firstname.lastname@example.org / 561-886-7764