Feedback
Last date modified: 2025-Dec-16
DBR Generative AI Limited General Availability (LGA)
Generative AI technologies—particularly large language models (LLMs)—are central to the capabilities of Data Breach Response (DBR) AI workflows. While these technologies are powerful, they also come with limitations. It’s important that you understand these limitations and use the product with appropriate care.
In general, we expect all DBR outputs to be reviewed by a human. Specifically, there are known risks that the AI may:
- Omit critical information, such as Personal Information (PI) or Protected Health Information (PHI).
- Incorrectly identify non-personal data as PI.
- Flag documents as containing PI when they do not—or fail to flag documents that do.
- Mislabel or miscategorize data.
- Fabricate PI that does not actually exist in the source document.
Although our testing has shown these behaviors to be rare, we cannot guarantee they will never occur. Therefore, human oversight remains essential.
Additional system limitations are outlined in more detail below.
Extracted text only
Currently, PI annotations are generated based solely on the extracted text from documents. This means that any information contained in metadata, images, or other non-text elements that are not visible in the extracted text will not be considered during annotation.
To ensure accurate processing, all unstructured documents ingested into the DBR tool must contain properly OCR-processed text.
Shared LLM resources
LLM services are integrated across various Relativity products within the operational geography/ RelOne instance. For optimal results, it is highly recommended to utilize a single AI-based tool at any given time.
Security and privacy
Azure OpenAI does not retain any data from the documents being analyzed. Data you submit for processing by Azure OpenAI is not retained beyond your organization’s instance, nor is it used to train any other generative AI models from Relativity, Microsoft, or any other third party. For more information, see the white paper A Focus on Security and Privacy in Relativity’s Approach to Generative AI.
Regional availability of Data Breach Response
The availability of Data Breach Response with GenAI varies by region.
The following table shows the regions in which Data Breach Response with GenAI is currently available:
|
Region |
Current LLM Model |
|---|---|
|
United States |
GPT-4.1 mini |
|
United Kingdom |
GPT-4.1 mini |
| Australia |
GPT-4.1 mini |
|
Canada |
GPT-4.1 mini |
|
France |
GPT-4.1 mini |
|
Germany |
GPT-4.1 mini |
|
Switzerland |
GPT-4.1 mini |
The version of Data Breach Response that does not use GenAI is still available in all regions.
When using Relativity's AI technology, the selected customer data may be processed outside of your specific Geo location as specified below. Contact your Relativity Success Manager for further information.
| RelativityOne Deployment Geography | aiR Processing Geography |
|---|---|
| Australia | Australia |
| Canada | Canada |
| EEA (France, Germany, Ireland, Netherlands) | EEA (currently Germany) |
| Switzerland | Switzerland |
| United Kingdom | United Kingdom |
| United States | United States |
For more details about availability in your region, contact your account representative.
For technical specifications of your region's current LLM model, see documentation on the Azure website.
Language support in Data Breach Response
Data Breach Response has been primarily tested on English-language documents, therefore accuracy is not guaranteed for other languages.
For the study used to evaluate Azure OpenAI's GPT-4 model across languages, see MEGAVERSE: Benchmarking Large Language Models Across Languages, Modalities, Models and Tasks on the arXiv website.
Data Breach Response does not support CJK characters.
Running Generative AI in Data Breach Response
To run Generative AI in Data Breach Response, you must reach out to your Relativity representative to turn on the feature within your instance.
- Before running the first ingestion job, navigate to Settings and toggle on GenAI in your workspace.
GenAI Mode can only be enabled for workspaces that have never run Data Breach Response before. Existing workspaces that have already started running jobs with Data Breach Response cannot be converted. - Select other settings as usual and Save.
- Proceed to Data Analysis as usual and start running the processes. Generative AI will run as part of the Unstructured Detection pipeline step. You will be able to see the estimated runtime for Data Analysis.
- There is a quota for how many unstructured docs can be run through GenAI. This quota is listed in the viewer and will be increased throughout the quarter. Existing document size and scale limitations for structured documents apply.
- You can continue to run custom detectors as usual. Customer detectors are not currently run through GenAI and therefore will not be autolinked to names as the GenAI detectors are.
- In the viewer you will notice a sparkle icon
for all GenAI generated entities on the Linked Entities panel.
You can directly edit linked entities and PI types.
Supported Personal Information detectors
Data Breach Response GenAI supports the following OOTB detectors:
| Detector Name | Description | Default Status | Category |
|---|---|---|---|
| ABA Routing Number | A nine-digit code used to identify U.S. banks for financial transactions | Off | Financial |
| Account Number | A number used to identify a specific financial account | On | Financial |
| Address | A location where a person lives or receives mail | On | Contact |
| Age | All age terms and phrases | Off | Demographic |
| Australia Tax File Number (TFN) | A unique number assigned to individuals and organizations in Australia for tax identification purposes | Off | Asia Pacific |
| Australian Individual Healthcare Identifier (IHI) | A unique number assigned to a medical account in Australia for identification and billing purposes | Off | Asia Pacific |
| Australian Medicare Provider Information | Off | Patient | |
| Credit/Debit Card Expiration | The month and year when a credit card expires | On | Financial |
| Credit/Debit Card Number | A unique number used to identify a credit card account | On | Financial |
| Credit/Debit Card Security Code | A short numeric code used to verify credit card transactions | On | Financial |
| Date of Birth | The full calendar date when a person was born | On | Demographic |
| Date of Death | The calendar date when a person passed away | On | Patient |
| Driver License Number | A unique number assigned to a licensed driver | On | North America |
| Email Address | A person's email address | On | Contact |
| EU VAT (value added tax) Number | Off | Financial | |
| Full Name | A person’s complete name, including first and last names | On | Contact |
| Health insurance number | Someone's health insurance identification number | Off | Patient |
| International Bank Account Number | A globally recognized number used to identify a bank account for international transactions | Off | Financial |
| Medical dates of service | Someone's medical appointment or service dates | Off | Patient |
| Medical provider name | Someone's medical provider or healthcare facility name | Off | Patient |
| Medical record number | Someone's medical record number | Off | Patient |
| National ID Number | Off | Identification | |
| Other | Any personal information not covered by standard categories | Off | Other |
| Partial Credit/Debit Card Number | A portion of a credit card number that does not include the full sequence | Off | Financial |
| Partial Date of Birth | The year a person was born, without the full birthdate | Off | Demographic |
| Partial Social Security Number | A portion of a US Social Security Number, not the full sequence | On | Financial |
| Passport Number | A unique number printed on a passport issued by a government or governing agency | On | Identification |
| Password | A secret word or phrase used to access a secure account or system | On | Security |
| Patient account number | Off | Patient | |
| Personal email address | An email address used for personal communication outside of work | Off | Contact |
| Personal Phone Number | A phone number used for personal communication | On | Contact |
| PIN | A short numeric code used to verify identity or authorize transactions | Off | Security |
| Prescription information | Someone's prescription medication information | Off | Patient |
| US Social Security Number | A government-issued number used for identity and tax purposes in the US | On | North America |
| UK Electoral Roll Number | A unique identifier assigned to individuals registered to vote in UK elections | Off | Europe, Middle East and Africa |
| UK National Health Service Number | A unique identifier assigned to patients in the UK's healthcare system | On | Europe, Middle East and Africa |
| UK National Insurance Number | A unique identifier assigned to UK taxpayers for social security purposes | On | Europe, Middle East and Africa |
| UK Unique Taxpayer Reference | A unique identifier assigned to UK taxpayers | On | Europe, Middle East and Africa |
| US Individual Taxpayer ID Number | A unique identifier assigned to foreign individuals who need a US taxpayer identification number | On | North America |
