CRA’s Forensic Services Practice was retained by a global insurance and reinsurance conglomerate which had experienced a cyber breach to identify potentially notifiable and reportable information across numerous jurisdictions. Working with Counsel in the United Kingdom and United States, CRA developed a review methodology to capture information subject to the European General Data Protection Regulation (GDPR), US privacy laws, as well as data privacy regulations from Singapore, Bermuda, Australia, and New Zealand.
After complex custom scripting and automated extraction for structured and semi-structured files, the team engaged in data normalization, consolidation, and de-duplication, bringing down the notice population from 8.5 million to just over 530,000 individuals.
