2. Private and Confidential – Copyright 2019
Agenda
1. PUMA – Please Use More Acronyms
2. WYSC – Why You Should Care
3. CBEC – Challenges with Business Email Compromises
4. BNRR – Breach Notification Rules & Regulations
5. EFTW – eDiscovery For The Win
Objective: Open the door to leveraging e-discovery tools for new use cases
…teach a new dog old tricks…
PUMA – Please Use More Acronyms
1. DBIR – Data Breach Incident Response
2. DFIR – Digital Forensics Incident Response
3. APT – Advanced Persistent Threat
4. DLP – Data Loss Prevention
5. BEC – Business Email Compromise
6. HIPAA – Health Insurance Portability & Accountability Act
7. PII – Personally Identifiable Information
8. PHI – Protected Health Information
9. PCI – Payment Card Information
10. MDE – Mass Data Entry
WYSC – Why You Should Care
Email-related attacks totaled over $12B in losses in 2018.
On average, each stolen record costs the company $148.
The efficiency in identifying an incident and the speed of the response have a huge impact on its overall cost.
BEC – Business Email Compromises
Spear Phishing: Fraudulent emails targeted at specific individuals to get them to open a malicious attachment or link. Goal is to gain access to confidential information.
BEC – Business Email Compromises
[Diagram: Company; Insurance Carrier; Digital Forensics; Notification & Call Center; Breach Counsel; PII Identification & Extraction]
What happens next:
1. Engage Counsel
2. Contact Insurer
3. Breach Counsel Quarterback
4. 3rd Party Forensic Investigation
5. Targeted Data Mining
6. Identify Exfiltrated PII
7. Notify Impacted Individuals
Major Challenges
- PII in context cannot be identified with standard Boolean searches
- Identification requires eyes-on review
- Extraction of elements needed for notification is a manual process
- Tight deadlines require brute force attack; increasing need for quality control
- Each data set is different
- Merging data entry fields requires detailed analysis and normalization
- Performing this kind of work creates new data sources with lists of PII
eDiscovery For the Win
PII Identification & Extraction
Phase 1:
• PROCESS, ANALYZE, CULL:
  • Initial ESI processing, indexing, hosting, culling and associated analysis to reduce document count and prepare data for eyes-on attorney review
  • PII/PCI/PHI Search Terms – Keyword & Pattern Matching
  • AI Analytics
Phase 2:
• EYES-ON REVIEW & DATA ENTRY:
  • Categorization and data capture by managed team of attorneys, quality control review, and coordinated quality assurance review with cybersecurity outside counsel
Phase 3:
• NORMALIZATION & DELIVERABLE CREATION:
  • Conversion and normalization of notification report to specification
  • Additional analysis and customization performed at this stage
In a nutshell:
• Search emails
• Present to reviewers
• Confirm PII Exists
• Categorize Type of PII
• Key in Name/Address
• Create Report
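One way to implement the Phase 1 keyword and pattern matching step, as an added example (not code from the presentation or from any e-discovery product): candidate SSNs and card numbers are validated, then scored by nearby keywords so that pattern-only hits can be routed to eyes-on review. The keyword list, the window size and the sample email bodies are assumptions constructed for illustration.

```python
import re

SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Context keywords per tag (assumed list; tag names are taken from the slides).
CONTEXT = {
    "Social Security Number": ("ssn", "social security"),
    "Credit/debit card number": ("card", "visa", "mastercard", "amex"),
}
# Constructed sample email bodies.
SAMPLES = [
    "My SSN is 123-45-6789 for the W-2.",
    "Invoice 987-65-4321 attached",
    "Order ref 4111 1111 1111 1111 shipped",
    "tracking 1234567812345678",
]

def valid_ssn(area, group, serial):
    """Reject values never issued: area 000, 666, 9xx; group 00; serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def tag_document(text, window=40):
    """Return {tag: 'high' | 'low'}: 'high' means a valid pattern with a
    context keyword within `window` characters, 'low' means pattern only."""
    hits = {}
    def record(tag, m):
        nearby = text[max(0, m.start() - window): m.end() + window].lower()
        if hits.get(tag) != "high":
            hits[tag] = "high" if any(k in nearby for k in CONTEXT[tag]) else "low"
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            record("Social Security Number", m)
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            record("Credit/debit card number", m)
    return hits

if __name__ == "__main__":
    for body in SAMPLES:
        print(tag_document(body), "<-", body)
```

Validation removes look-alike numbers such as invoice or tracking references before review; it does not confirm that a hit is PII in context, which is still the reviewer's call.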
FTW – eDiscovery For The Win
ID Related Tags
- Social Security Number
- Driver's License Number
- State Identification Number
- Passport Number
- Alien Registration Number
- Military ID Number
- Tribal Identification/Enrollment Number
- Unique or Other Gov’t Issued ID
- Date of Birth
Other Vital Information Tags
- Birth Certificate
- Marriage Certificate
- Parent's legal surname prior to marriage
Account Access Tags
- Email address and password (or required security code or access code)
- Username and password (or required security code or access code)
- Security Code, Access Code, or Password
Financial Related Tags
- Financial Account Number: For example, a bank account number on a check or electronic wire transfer.
- Security code or password
- Credit/debit card number
- Credit/debit card number security code or password: Such as a PIN number or password for an account
Tax Related Tags
- Individual Taxpayer Identification #
- Employer Taxpayer Identification #
- Identity Protection Personal Identification # issued by the IRS
- IRS e-file PIN
Health Related Tags
- Medical history, condition, treatment, or diagnosis
- Health insurance policy number or subscriber number
- Health insurance application or claims information
- Health information: Defined as “any information that identifies an individual and relates to physical or mental health or condition, the provision of health care, or payment for health care”
Employer Related Tags
- Employee Account Information: This must include an ID number assigned by an employer plus a security code, access code, or password. Do not use if the employee ID is alone and does not include a security or access code or password.
- Work-related Evaluations: For example, performance reviews
Pro Tips:
- De-dupe at the document level (it’s ok to break families)
- Suppress 100% textual near dupes
- Suppress non-inclusive threads
- Cluster documents by concepts
- Turn on Active Learning
Deliverable – Before & After
Before:
Columns: Document ID, Full Name, First Name, Last Name, Driver's License #, Parents Legal Surname Prior to Marriage, Social Security Number (full), Passport Number, Health Information
CTRL-0000001 J SMITH J SMITH YES
CTRL-0000002 JANE SMITH JANE SMITH YES
CTRL-0000003 JANE S SMITH JANE SMITH YES
CTRL-0000004 JANE SMITH-BROWN JANE SMITH-BROWN YES
CTRL-0000005 JANE SMITH JANE SMITH YES
After:
Columns: Document IDs, Full Name, First Name, Last Name, Driver's License #, Parents Legal Surname Prior to Marriage, Social Security Number (full), Passport Number, Health Information
CTRL-0000001; CTRL-0000002; CTRL-0000003; CTRL-0000004; CTRL-0000005 JANE S SMITH-BROWN JANE SMITH-BROWN YES YES YES YES YES
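The roll-up from the per-document table to the single per-individual row above, as an added example (not the presenter's tooling). The sample rows are constructed: the column each YES falls in and the extra CTRL-0000006 row are assumptions, and the name-matching heuristic is illustrative only.

```python
PII_COLUMNS = [
    "Driver's License #", "Parents Legal Surname Prior to Marriage",
    "Social Security Number (full)", "Passport Number", "Health Information",
]
# Constructed rows modeled on the "before" table. Which column each YES sits in
# is an assumption (the slide text does not preserve it); CTRL-0000006 is added
# to show that an unrelated person stays in a separate row.
BEFORE = [
    ("CTRL-0000001", "J SMITH", "Driver's License #"),
    ("CTRL-0000002", "JANE SMITH", "Parents Legal Surname Prior to Marriage"),
    ("CTRL-0000003", "JANE S SMITH", "Social Security Number (full)"),
    ("CTRL-0000004", "JANE SMITH-BROWN", "Passport Number"),
    ("CTRL-0000005", "JANE SMITH", "Health Information"),
    ("CTRL-0000006", "JOHN DOE", "Passport Number"),
]

def parse_name(full):
    """Split 'FIRST [MIDDLE] LAST' into (first, middle, last)."""
    parts = full.upper().split()
    return parts[0], " ".join(parts[1:-1]), parts[-1]

def same_person_candidate(a, b):
    """Heuristic: surnames share a hyphen-separated token and first names
    match, allowing a bare initial. Candidates still need reviewer QC."""
    (fa, _, la), (fb, _, lb) = parse_name(a), parse_name(b)
    first_ok = fa == fb or (min(len(fa), len(fb)) == 1 and fa[0] == fb[0])
    return first_ok and bool(set(la.split("-")) & set(lb.split("-")))

def merge_rows(rows):
    """Collapse per-document rows into one notification row per individual."""
    clusters = []
    for row in rows:
        hits = [c for c in clusters if any(same_person_candidate(row[1], r[1]) for r in c)]
        clusters = [c for c in clusters if c not in hits]
        clusters.append(sum(hits, []) + [row])   # join every matching cluster
    report = []
    for c in clusters:
        names = [parse_name(r[1]) for r in c]
        # Keep the most complete form of each name part seen in the cluster.
        first, middle, last = (max(p, key=len) for p in zip(*names))
        found = {r[2] for r in c}
        report.append({
            "Document IDs": "; ".join(sorted(r[0] for r in c)),
            "Full Name": " ".join(p for p in (first, middle, last) if p),
            "First Name": first, "Last Name": last,
            **{col: "YES" if col in found else "" for col in PII_COLUMNS},
        })
    return report
```

A bare initial such as J SMITH would also bridge JANE SMITH and JOHN SMITH into one cluster, so merged rows are candidates for quality control review rather than final records.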
Other Use Cases & More Information
Use Cases:
• Responding to Data Subject Access Requests
• DLP Risk Assessments
• Digital Transformation Solutions
Links:
Insights into Today’s Breaches and Cyber Attacks: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
CCPA What You Need to Know: https://www.law.com/njlawjournal/2018/12/01/the-california-consumer-privacy-act-what-you-need-to-know/
True Cost of a Data Breach: https://www.ibm.com/security/data-breach
Editor's Notes
Key takeaway: when wading into a new practice area, learning the jargon is half the battle