9 Differences between Data Breach and Litigation Reviews, Part 3
7 July, 2020

9 Differences between Data Breach and Litigation Reviews, Part 3

In a cyber incident response, data must be scanned for Personally Identifiable Information (PII) and Protected Health Information (PHI) to determine if a data breach of protected data has occurred. Data breach review of a business email compromise presents unique challenges that go unmet when utilizing the traditional ediscovery software used for litigation reviews. I recently got together with Brian Evans, an expert in litigation technology, to discuss 9 key differences between data breach and litigation reviews. See what we came up with this final post of our three-part post.

Click here to go to the previous post in this series.

7. Reporting

Litigation review requires regular and timely reporting of certain metrics to gauge progress, accuracy, and totals of relevant or privileged information found. Data breach review requires much of this same reporting, but also requires on-demand sensitive data reporting of the numbers and types of protected elements found for each jurisdiction. These sensitive data reports are closely monitored so attorneys may change the scope of the review depending on the contractual, regulatory, and business reporting requirements. Insurers also require timely reporting of the scope and progress of the incident as part of their policy.

8. Cost Factors

Pressures to reduce costs are common in both litigation and data breach reviews, but what used to be acceptable in terms of costs for a data breach response has quickly changed to reflect much greater cost reduction pressures from both clients and insurers. The reasonableness for both cost and timing pressures continues to evolve, but is often at odds with the regulatory requirements and needs. As such, each response may have a different risk/cost calculation depending on several factors that will affect the scoping of both identification and review goals.

9. Technology

Data breach and litigation reviews are both grounded in defensible ediscovery standards, but workflows and outcomes are different. How and when to apply technology-assisted review capabilities differs dramatically between a data breach review and a litigation review. New technologies designed for the end-to-end data breach review workflow address the unique pain points of a data breach review, detecting protected data quickly and automatically resolving the list of affected individuals to provide faster and more accurate decision making on potentially reportable data.


Canopy’s Protected-Data Discovery system is proven to help teams achieve much higher accuracy and faster review speed with less effort. Who says you cannot improve on all three: better, faster, and cheaper? To schedule a demo of Canopy’s Protected-Data Discovery technology, please contact us.


  •   July 7, 2020
  •   Brian Evans, Ralph Nickl
  •   Data Breach
  •   Reading Time 2 min
  • Share on: