9 Differences between Data Breach and Litigation Reviews, Part 2
2 July, 2020

9 Differences between Data Breach and Litigation Reviews, Part 2

In a cyber incident response, data must be scanned for Personally Identifiable Information (PII) and Protected Health Information (PHI) to determine if a data breach of protected data has occurred. Data breach review of a business email compromise presents unique challenges that go unmet when utilizing the traditional ediscovery software used for litigation reviews. I recently got together with Brian Evans, an expert in litigation technology, to discuss 9 key differences between data breach and litigation reviews. See what we came up with in part two of this three-part post.

Click here to go to the previous post in this series.

4. Review Staff

In contrast to a litigation review, attorneys are not required to make nuanced legal or privilege calls during a first-level data breach review. Reviewers with experience in cyber-related matters can quickly determine if a document contains sensitive information. Whether or not that information is reportable is later determined by an attorney.

5. Deliverables

A litigation review delivers a list of relevant documents corresponding to issues that tell a story. In contrast, a data breach review compiles a de-duplicated list of all affected individuals, their affected protected data elements, and contact information. This list provides information for the attorney to make decisions on reporting obligations by jurisdiction and is also used in the notification process itself. Just a few documents in a data breach review (e.g. monthly coordination of care or HR reports) can contain billions of affected elements that must be added to the list, consolidated, and cross-referenced with the source document.

6. Images

Certain document types require special handling in a data breach review. For instance, image-based or handwritten documents (i.e. mortgage, tax, health care, employment, and financial) are rich in protected data that can’t be cut-and-pasted or otherwise extracted programmatically. The sensitive information contained in many of these images is not easily searched. Unless a litigation review targets these types of images, they are culled out before ever reaching the review team, or ignored entirely during the review itself.

In the next blog post, we will cover three more key differences between Data Breach and Litigation Review: reporting, cost factors, and technology.


Canopy’s Protected-Data Discovery system is proven to help teams achieve much higher accuracy and faster review speed with less effort. Who says you cannot improve on all three: better, faster, and cheaper? To schedule a demo of Canopy’s Protected-Data Discovery technology, please contact us.


  •   July 2, 2020
  •   Ralph Nickl, Brian Evans
  •   Data Breach
  •   Reading Time 2 min
  • Share on: