CRA’s Forensic Services Practice was retained by a commercial electronics supplier, with a number of US Government contracts, to respond to a malware-caused data breach event implicating over one million files. Based on the nature of its business, the client needed the team to review for PII/PHI and other privacy data to respond to notice obligations, as well as review to determine whether any Government data was involved. Even after culling the review universe through email threading, de-duplication, and standard search terms, the client was faced with a review universe of over 440,000 unique files.
Using sophisticated data sampling techniques, the team developed bespoke search terms, including complex Boolean logic strings.
CRA’s creative approach led to an overall reduction of potentially reviewable data by 97%, allowing the client to comfortably meet its notice deadlines, while achieving significant cost savings.