Rapid Cyber Incident Response (CIR) notifications meet regulatory requirements and help start to rebuild customer trust

Challenge

A large US corporation was the victim of a cyber security incident which resulted in an urgent need to notify their customers affected by the potential breach of Personal Identifiable Information (PII) and Protected Health Information (PHI). With the known time pressure, we were faced with unpredictable document volumes and an emphasis on the protection of all proprietary and personal information.

Solution

The CIR group with LDM Global’s Legal Services team worked closely with the corporate client’s insurance company to optimize accuracy and speed while also reducing unnecessary notification costs. Our team established a robust and reusable process with minimal start-up delay for future scalability to respond to further cyber incidents.

The Full Story

Our client is a leading US-based insurance company and cybersecurity consulting firm that supports enterprises after a data breach.

They were faced with the mammoth task of identifying PII and PHI in over 1 million documents to be able to notify individuals affected by the cyber breach. This was a high-priority task to comply with regulatory requirements and to start the process of rebuilding trust among their customer base.

The Legal Services team at LDM Global responded swiftly by deploying a dedicated Cyber Incident Response (CIR) group of 100+ data analysts, legal, quality control, and management associates. These experts rapidly and accurately identified and extracted PII and PHI from the dataset to create an organized and de-duplicated Notification List for the end client.

Our focus on exceptional customer service, proactive communication, multiple validation checks, and a daily status report ensured that the client was always aware of the delivery timeline and service delivery quality.

To ensure integrity and security, all the data suspected of being breached was reviewed in our own India-based ISO 27001 certified Operations Center. The data set included the normalization of data-dense spreadsheets which required Mass Data Entry (MDE). The team reviewed 1.1 million documents, identifying customers plus employees that needed to be notified their PII and PHI was breached.

With our team’s expertise at handling such time and information-sensitive matters, a robust and reusable process was established with minimal start-up delay for any future incidents faced by our client.