Data Breach Response
Data Breach Response is an AI-powered solution used to reduce the time, cost, and risk to produce an entity notification list.
Data Breach Response workflows have integrated PI identification that leverage pre-built AI and ML models to find pre-determined PI types, such as SSN, date of birth, credit card information, PHI, and more. PI is automatically linked for structured documents, which speeds up the review and quality control (QC) process. Data Breach Response also leverages AI to deduplicate entities across documents to produce a notification list, allowing you to respond within the mandated timeline.
This product is available as a Relativity application (RAP) called PI Detect and Data Breach Response. The application can be installed into a RelativityOne Review workspace that runs within a RelativityOne production environment. The data used for analysis never leaves the RelativityOne security boundary, which aligns with security and compliance requirements defined in RelativityOne contracts.
- Input: Saved Search with documents to be analyzed by Data Breach Response
- Output: A notification report containing impacted individuals and their associated personal information
Conceptual workflow
The steps below illustrate high level workflow steps for the Data Breach Response product
- Upload documents into your RelativityOne environment using existing data transfer tools.
- Configure the PI Detect and Data Breach Response application into your environment.
- Start a new Data Breach ingestion job and select the saved search of documents for review.
- Use the Privacy workflow tab within the application to select the personal information detectors to use and add any custom detectors.
- Run the AI pipeline across the document set by going to the Data Analysis tab. You will immediately start to get insights on identified PI and have the ability to review documents as PI detection completes.
You can access documents ready for review on the project dashboard in real time. If the normalizer step is run the entity report is also automatically generated. - Access the Project Dashboard to view personal information identified across the document set.
-
Review notification list in the Entity Analysis tab to resolve conflicts and finalize your desired output.
- Create a notification report.
Document requirements
File limitations for Data Breach Response are as follows:
- Data Breach Response supports up to 500GB of native data per workspace.
- Extracted text files should be provided for all document types. For PDFs, predictions cannot be accurately made without a proper extracted text file.Note: Customers can OCR in RelativityOne. See OCR for instructions.
- The following document types are not supported:
- Password protected documents
- Documents that open with an error or warning
- Excel files older than Excel 95 (v 7.0)
- Native spreadsheets greater than 40MB
- Native non-spreadsheets greater than 75MB
Supported file types
| Supported extension | Limitations and notes |
|---|---|
| csv | CSVs must be delimited by comma, no other delimiter is supported. |
| tsv | TSVs must be delimited by tab, no other delimiter is supported. |
| xls, xlsx, xlsm, xlt, xltm, xltx | pivot tables converted to fixed tables |
| xlsb | output only as xlsx pivot tables converted to fixed tables |
| ppt, pptx, pptm, doc, docx | Embedded documents are not supported. |
| txt | |
| eml, msg, pst | Leverages extracted text so formatting may be lost. |
| mht, svg, pdf, fdf, xfdf, Pub, dwg, dxf, dgn, rvt, dwf, odt, odp, rtf, wpf, bmp, jpg, jpeg, png, wmf, emf, gif, hdp, jp2, jpc, tif, tiff, xps, oxps, xml, xod, xaml, vcf |
Structured and unstructured documents
There are two types of documents, and when it comes to finding PI, Data Breach Response treats each one differently.
- Unstructured documents—contain unlabeled or otherwise unorganized data. Detections for unstructured data are currently text based such as email, text documents, etc. with additional unstructured data sources in a future state such as photos, audio files, etc.
Data Breach Response uses the context of the document to differentiate different types of PI. - Structured documents—contain data that is organized in a specific and predefined way, typically in a table with columns and rows, and where each data point has a specific data type.
Data Breach Response identifies table boundaries and detects header & column content to predict PI.
Limitations
The following are limitations to consider when using Data Breach Response:
- Data Breach Response cannot be run in a repository workspace
-
The Data Breach Response application is not compatible with ARM.
Frequently asked questions
Is there a job size limit for the PI Detect and Data Breach Response application?
Data Breach Response supports up to 500GB of native data per workspace.
What is the transfer rate?
Regardless of dataset size, the application transfers documents in batches of 1000.
Can I run multiple jobs simultaneously in the same workspace?
No. One job must complete prior to a subsequent job starting. If more than one job is submitted, the later-submitted job will be queued.
What values are acceptable for FamilyRange?
FamilyRange can be either the range (REL-00000000-0001 - REL-00000000-0005), or a GroupID or GroupIdentifier.
Custodian is a single-entry field. What do I do if I have multiple Custodian values?
Custodian should be mapped to the Primary Custodian. Should additional custodians be required, please use a Text field to list all non-Primary Custodians, and notify Data Breach Response of the field name.
