Last date modified: 2025-Nov-12

Data Breach Response

Data Breach Response is a Relativity application purpose-built to simplify and accelerate the complex process of identifying sensitive information and matching it to the relevant entity, generating a notification list of impacted individuals.

Data Breach Response workflows have integrated PI identification to find pre-determined PI types, such as SSN, date of birth, credit card information, PHI, and more. PI is automatically linked for structured documents, which speeds up the review and quality control (QC) process. Data Breach Response also leverages AI to deduplicate entities across documents to produce a notification list, allowing you to respond within the mandated timeline.

This product is available as a Relativity application (RAP) called Data Breach Response. The application can be installed into a RelativityOne Review workspace that runs within a RelativityOne production environment. The data used for analysis never leaves the RelativityOne security boundary, which aligns with security and compliance requirements defined in RelativityOne contracts.

  • Input—Documents identified by a Saved Search to be analyzed by Data Breach Response.
  • Output—A notification report containing impacted individuals and their associated personal information.

Conceptual workflow

The steps below illustrate high level workflow steps for the Data Breach Response product

  1. Upload and process documents in your RelativityOne environment.
  2. Configure the Data Breach Response application into your environment.
  3. Start a new Data Breach ingestion job and select the saved search of documents for review.
  4. Select personal information detectors to use and add any custom detectors.
  5. Run the AI pipeline across the document set by going to the Data Analysis tab. You will immediately start to get insights on identified PI and have the ability to review documents as PI detection completes.
    You can access documents ready for review on the project dashboard in real time. If the normalizer step is run the entity report is also automatically generated.
  6. Access the Project Dashboard to view personal information identified across the document set.

  7. Review the notification list in the Entity Analysis tab to resolve conflicts and finalize your desired output.

  8. Create a notification report.

Document requirements

File limitations for Data Breach Response are as follows:

  • Data Breach Response can support up to 300M personal information annotations and 150M entities, represented across 1 TB of native data in a Data Breach Response workspace.
  • Extracted text files should be provided for all document types. For PDFs, predictions cannot be accurately made without a proper extracted text file.
    Customers can OCR in RelativityOne. See OCR for instructions.
  • The following document types are not supported:
    • Documents that open with an error or warning
    • Excel files older than Excel 95 (v 7.0)
    • Native spreadsheets greater than 40MB
    • Native non-spreadsheets greater than 75MB

Supported file types

Document type Supported extensions Limitations and notes
Structured documents
  • csv
  • tsv
  • xls
  • xlsx
  • xlsm
  • xlt
  • xltm
  • xltx
  • xlsb

CSVs must be delimited by comma. No other delimiter is supported.

TSVs must be delimited by tab. No other delimiter is supported.

Unstructured documents
  • ppt
  • pptx
  • pptm
  • doc
  • docx
  • txt
  • eml
  • msg
  • mht
  • svg
  • pdf
  • fdf
  • xfdf
  • pub
  • dwg
  • dxf
  • dgn
  • rvt
  • dwf
  • odt
  • odp
  • rtf
  • wpf
  • bmp
  • jpg
  • jpeg
  • png
  • wmf
  • emf
  • gif
  • hdp
  • jp2
  • jpc
  • tif
  • tiff
  • xps
  • oxps
  • xml
  • xod
  • xaml
  • vcf

Embedded documents are not supported.

Extracted text is leveraged for emails, so formatting may be lost.

 

Structured and Unstructured documents

Data Breach Response categorizes documents as either Structured or Unstructured, each requiring a distinct approach to identifying PI.

  • Structured documents—contain data that is organized in a specific and predefined way, typically in a table with columns and rows where each data point has a specific data type.
    Examples of structured documents include databases, spreadsheets and CSV files. Data Breach Response identifies table boundaries and detects header & column content to predict PI.
    To review Structured documents, see Structured document review.
  • Unstructured documents—contain unlabeled or otherwise unorganized data. The content on the files are usually composed of natural language.
    Examples of unstructured documents include text-based documents such as emails, word processing documents, and forms with additional unstructured data sources such as photos, and audio files. Data Breach Response uses the context of the document to differentiate different types of PI. To review Unstructured documents, see Unstructured document review.

Language support in Data Breach Response

Data Breach Response has primarily been tested in English language documents. There is support for additional languages. See OOTB detectors for details.

Data Breach Response does not support CJK characters.

Limitations

The following are limitations to consider when using Data Breach Response:

  • Data Breach Response cannot be run in a repository workspace

  • The Data Breach Response application is not compatible with ARM.

Frequently asked questions

Data Breach Response supports up to 1TB of data with 300M PI Annotations and 150M entities per workspace.

No. One job must complete prior to a subsequent job starting. If more than one job is submitted, the later-submitted job will be queued.

FamilyRange can be either the range (REL-00000000-0001 - REL-00000000-0005), or a GroupID or GroupIdentifier.

Custodian should be mapped to the Primary Custodian. Should additional custodians be required, please use a Text field to list all non-Primary Custodians, and notify Data Breach Response of the field name.

Return to top of the page
Feedback