Data mining has increasingly become one of the largest expenses during a cyber incident, often leaving claims professionals with blown budgets and insured clients in high-risk scenarios when assumptions about their data (and what may lurk within) dictate the operationalized response towards providing notice to affected parties after a breach.

A lack of standards amongst breach coaches, claims professionals, and the vendors who consult on and perform data mining work has resulted in an unmanageable situation for insurers, despite there being repeatable, defensible methods to stage, understand, and act on sensitive data utilizing workflows that are established in the scientific method and eDiscovery in general during litigation.

This session will highlight the risks of over and under notice of impacted individuals in a cyber incident and will discuss key checkpoints ahead of and throughout the data mining process, while giving claims professionals a new understanding of the types of levers they should be pulling internally at their organizations, and with their partners to optimize, manage, and establish repeatable processes with a special focus on the below underlying themes:

* Whether to provide individual notice under data breach law requires understanding some key facts: whose data is at issue? Where are they (in what jurisdiction)? What data is at issue? How (and to what degree) was the data compromised.

* When unstructured data is compromised, this requires identifying the who, where and what of the data through cyber review. Making assumptions about the data (even informed assumptions based on SMEs) will inevitably lead to over and under inclusive notice. PII and PHI can creep into places (and be missing from others).

* Over notice creates risk as it inflates the scope of the breach unnecessarily damaging the brand and making the incident more attractive for litigation.

* Under notice is worse as it can lead to questions about the sufficiency and completeness of the notice and remediation steps. Attacking the completeness of the notice allows plaintiff counsel to open a new front in their litigation.

Expert Panelists

Mike Sarlo
Chief Innovation Officer, President, Global Investigations and Cyber Incident Response Services, HaystackID

Mike, as Chief Innovation Officer, works closely with HaystackID’s software development and data science teams to deliver best-in-class data collection, eDiscovery, and review solutions that allow legal teams to act on data types typically not conducive to collection, review, or production in the context of eDiscovery. In his role as President of Global Investigations, Michael works closely with clients on the most challenging and complex regulatory, investigative, and civil litigation matters. Michael also oversees HaystackID’s Cyber Discovery and Incident Response Services division. He leads a cross-functional team of HaystackID experts that regularly assist insurers, breach coaches, and their corporate clients when a data breach occurs.

Susana Medeiros
Associate, Norton Rose Fulbright

Susana is an associate and a member of the Information Governance, Privacy, and Cybersecurity team. She is a Chambers-ranked attorney recognized and has represented clients both preparing for and responding to cyber incidents. Leveraging her traditional eDiscovery experience, Susana assists clients with efficiently and defensibly responding to cyber incidents to quickly identify data subjects impacted and the types of personal information impacted, and advise clients about the scope of the incident and the company’s obligations to notify the appropriate authorities and the people affected by breach. She also assists with providing advice around CCPA, CPRA, and GDPR compliance from an information governance and data minimization perspective.

Kelly Atherton
Senior Manager of Cyber Incident Response, Norton Rose Fulbright

Kelly is the Senior Manager of Cyber Incident Response at Norton Rose Fulbright. She leads a team of eDiscovery professionals to support the cyber review component of the firm’s global data breach and cyber incident response services. She has prior experience practicing complex business litigation and has held director roles with legal services providers specializing in TAR, analytics, and managed review. She is CEDS certified; a Relativity Expert; a Brainspace Certified Analyst, Specialist, and Administrator; and holds certifications in Reveal AI and Review.

Anya Korolyov
Vice President, Cyber Incident Response and Custom Solutions, HaystackID

Anya, the Vice President of Cyber Incident Response and Custom Solutions at HaystackID, has 17 years of experience in the legal industry as a licensed attorney, including 14 years of experience in eDiscovery, focusing on data mining, complex integrated workflows, and document review. In her role, Anya works on developing and implementing the strategic direction of Cyber Incident Response. Anya is one of the industry’s leading experts on Data Breach Incident Response, Notification, and Reporting, with a solid understanding of machine learning, custom object development, regular expressions manipulation, and other technical specialties.