Canopy Blog

Adi Elliott Talks Cybersecurity & Breach Response with “The Data Diva”

Written by Canopy Team | August 19, 2021

Having journeyed from ediscovery into data breach response, Adi Elliott knows emerging technologies. And as Canopy’s chief revenue officer, he’s also an authority on applying AI to cybersecurity and data privacy.

Adi recently joined another industry expert, “The Data Diva” Debbie Reynolds, to discuss data privacy concerns, what’s new with data breach response, and cyber tech advancements that are helping breached organizations notify faster. You can listen to the full podcast episode on Spotify

Here’s a summary of the key topics Adi and Debbie covered:

 

Why Ediscovery Tech Doesn’t Work for Breach Response

“At a really, really high level, data breach response kind of looks a bit like ediscovery. But as soon as you get into the weeds, it’s super different.”

As Adi explains, there are several key ways that these two industries differ, from the initial data mining focus — custodians, keywords, and dates versus PII and people — to the ultimate deliverable — a set of documents versus a consolidated list of people and their PII. 

Download our white paper, 5 Reasons Why Ediscovery Is Not a Data Breach Response Solution, to explore these differences in more depth.

 

Today’s Cyber Threats & Data Privacy Regulations

“Unfortunately we live in a world where companies can largely take all the right steps and all the right precautions and still have compromised situations. It’s just the way the world works these days.”

Threat organizations are becoming increasingly more sophisticated, with some even having corporate websites and core values to recruit cyber criminals. And because the vast majority of data breaches are from phishing emails, and people need to use email to do business, breaches will likely never be definitively solved. 

What is possible, thanks to new technology, is achieving a response that is fast enough to comply with regulations like GDPR’s 72-hour notification timeframe, and alert people that their PII has been compromised ASAP to minimize harm. Organizations can proactively assess their privacy impact, too — more on that below.

 

AI-Powered Data Breach Tech Advancements

“We ended up hearing from the [breached] company itself, and based on what the initial estimates were using the legal review workflow, it was going to cost them like $3 million more than they ended up spending with Canopy.”

The now “old school” approach to data breach response is running search terms or regular expressions (regex). Adi explains that these methods are both under- and over-inclusive: a lot of PII doesn’t match these types of searches, while non-PII does. So document review teams waste time and resources looking at documents that don’t contain PII, while also missing valuable documents that do contain sensitive information.

Enter Canopy. Our software does the heavy lifting in finding the PII and the people in breached data sets, then queues those findings up for validation by humans. It speeds up the entire process — from data mining to review to deduplication — saving money and achieving a more accurate end result.


This is just a quick rundown of what Adi and Debbie covered during their 45-minute conversation. Listen to the full episode on Spotify (or wherever you listen to podcasts), or visit The Data Diva's website for a full transcript.