Add Incident Response to the List of Use Cases for eDiscovery: eDiscovery Trends

I’ve said numerous times that eDiscovery isn’t just about litigation anymore – eDiscovery workflows can be used for an increasing number of use cases. You can add Incident Response to that list of eDiscovery use cases.

The statement “a data breach happens somewhere in the world every day” is not correct. Several data breaches and data compromises happen every day around the world. According to the Identity Theft Resource Center (ITRC)’s 2021 Data Breach Annual Report (covered by us here), in 2021, there were more data compromises reported in the United States of America than in any year since the first state data breach notice law became effective in 2003. And the overall number of data compromises (1,862) in 2021 is 237% more than the number of data compromises in 2015 (785), just six years earlier!

What happens when a data breach or data compromise occurs within your organization? Your customers are likely to be affected.

When your organization suffers a cyberattack, the notification process to affected customers is critical. For your customers to be able to protect their personal data, they need to be notified in a timely manner so they can take steps to mitigate any potential damage. But you first must identify what customers were affected and what personally identifiable information (PII) of those customers was exposed.

Remember earlier this month when I covered this data breach that illustrated how the timeline for notification of customers potentially affected can be more than 287 days? One of the biggest reasons for the delay is the process of identifying affected customers and what data of theirs was exposed.

Many organizations are turning to eDiscovery workflows and solutions to help with this process. Just like any other eDiscovery workflow, incident response can include collection, analysis, processing, review and even production. While the approach and goals of an incident response eDiscovery workflow may differ from those of a litigation workflow, eDiscovery workflows and solutions can help you identify what data was compromised, determine which customers are affected because of the compromised data, and automate the notification process.

So, add Incident Response to the ever-growing list of use cases for eDiscovery workflows and technology.


So, what do you think? Do you agree with me that we should add Incident Response to the list of eDiscovery use cases? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.


  1. This is a very interesting proposal, I am going to present it to my company’s Data Governance team to review from an IT/IG standpoint for applicability.

    On a similar note, I am considering a process for using the eDiscovery process, specifically legal holds, for managing departed employee email accounts. While I’m not necessarily in favor of “cluttering” legal hold processes with non-litigation or regulatory issues, it does have some “quick and dirty” applicability. But discovery processes, workflows, and apps have many uses, one other is in Acquisitions, Mergers, and Dispositions…have used it in part for a company sale and worked well.

    Aaron Taylor
