AI Overcomes the Data Breach Assessment Bottleneck

A new tool from Text IQ aims to streamline data breach response by more quickly and accurately identifying personal information and impacted individuals in unstructured data.

As enterprises contend with both a growing patchwork of local and global data breach regulations and more complex notification decisions, Data Breach IQ tackles the critical bottlenecks in the data assessment phase that can put the effectiveness of breach response plans at risk.

Designed to bring structure to unstructured data, Data Breach IQ can both reduce assessment time by as much as 75%, and automate the process of determining whose data has been breached. Data Breach IQ enables data breach response teams to make quicker, more informed, and more accurate decisions on who to notify based on applicable regulations and relevant attributes.

The data breach notification landscape has grown more complex internationally as state-level regulations - such as the recently passed California Privacy Right Act (CPRA) - proliferate, and regulators look to enforce the data breach reporting provisions of the EU’s GDPR, Brazil’s LGPD and South Africa’s POPI.

Current approaches that rely on search terms and human review, especially in the case of unstructured data, place enterprises in a bind: either report too early - before making a full assessment, or run the risk of missing notification deadlines until a full assessment has been completed.

“Relying on the status quo to understand large-scale unstructured data is risky. It’s also potentially time-consuming and expensive. Today, AI can completely and reliably automate the low value work of PI identification in document review and reduce risk. It lets cybersecurity practitioners like me better serve our clients,” saidRichard Lutkus, Partner At Seyfarth, Privacy And Cybersecurity

Data Breach IQ Solution

In contrast to approaches relying on search terms and keywords, Data Breach IQ’s AI-driven classification incorporates semantic analysis, human signals, and context to improve accuracy for Personally Identifiable Information like names and Social Security numbers, including all variations and even misspellings, as well as identify sensitive data such as political opinions, genetic data, and race and ethnicity.

Since Text IQ takes an entity-centric approach to map, link, and associate all relevant data elements to individuals, the output can also automatically determine residency by individual. Once state residency is applied to the individual’s data, breach response teams can automatically determine whether notification conditions have been triggered based on the relevant thresholds and attributes defined by each state regulation.

Rather than having to juggle notification deadlines against the time taken to complete a comprehensive assessment of the impacted data, enterprises can implement a streamlined plan based on data insights, including:

  • Which documents & files in a breached dataset contain personal data, sensitive data & PII
  • Which individuals are impacted by the breach
  • The data elements & data combinations linked to each individual
  • Whether there are multiple profiles for a single individual that can be normalized
  • The residency of the impacted individuals
  • Whether the attributes impacted should trigger a notification step

Watch to see how Data Breach IQ works