Most large enterprises have well-formulated data breach response plans that are the clear-headed output of cross-functional teams across, privacy, data security, compliance and IT. However, when teams look to put these plans into action, panic often ensues. Exacerbating the panic is that data breach assessment is typically slow and difficult to perform accurately - especially with high data volumes. But there is a better way.
Dealing With Compromise
This data breach bottleneck typically places enterprises dealing with a breach in a bind. Teams can either rush to issue a blanket notification, potentially overreporting on the breach’s impact. Alternatively, teams can perform a thorough assessment in a race against the clock for hitting notification timelines.
In either case, data breach response teams are forced into a compromise that heightens risks.
Why do enterprises have to contend with this bind? Data breach response teams using current approaches relying on pattern matching and human review face a set of intertwined challenges:
- Identifying PII accurately at scale to understand the extent of the breach’s impact
- Linking all PII and personal information data elements to individuals for notification process
- Determining whose data has been impacted to determine notification triggers
- More complexity in managing notification requirements across multiple jurisdictions
The most recent development in the data breach regulatory passage is the approval of the proposal to enact the California Privacy Rights Act on the November ballot. Among the impactful provisions of CPRA, is that breach liability now extends to combinations of data (such email address in combination with a password or security question and answer).
Doing Away With Compromise
What approach can data breach response teams adopt to deal with these challenges?
Text IQ’s Data Breach IQ is designed to accelerate the data breach assessment phase so that teams can actually execute against their plans, and avoid either overreporting or reporting too late. Data Breach IQ enables data breach response teams to make quicker, more informed, and more accurate decisions on who to notify based on applicable regulations and relevant attributes.
The Light at the End of the Tunnel
Data Breach IQ makes significant strides towards your data breach response team “having it all” and leaving compromise behind. Here are a few of the highlights:
- PII identification based on context rather than search terms
- Identification of sensitive data and special category data
- Entity linkages and normalization - consolidate all data elements of an entity
- Efficiently analyze large amounts of structured and unstructured data
Now, let's delve deeper into each of these points.
Text IQ’s AI technology uses semantic analysis and human signal inputs to firstly more accurately identify Personally Identifiable Information, such as Social Security numbers that existing approaches based on search terms still struggle to consistently identify accurately.
Secondly, by incorporating context and semantic analysis, Data Breach IQ can identify sensitive data and special category information, like political affiliation, health status or sexual orientation that no strategy using search terms could identify at all.
Data Breach IQ, thirdly, enables entity linkage and entity normalization. In more practical terms, this means that the software automatically ties data elements to individuals, and merges multiple ‘personas’ into a single profile for notification.
Lastly, Data Breach IQ can perform at scale across unstructured and structured data sources. For instance, Text IQ has helped one client work through tens of thousands of Excel spreadsheets in 75% of the time compared with manual review and reduce the number of notification profiles from potentially 30 million to around 1.5 million.
To learn more about Data Breach IQ:
- Read how this AMLaw 50 law firm cut assessment time down by 75%
- Hear about best practices for data breach response plans from an expert panel
- Download our solution brief to dig deeper on product capabilities
To schedule a demo, please contact us.