What counts as a reportable breach
Not every incident is a notifiable breach. The threshold varies by regulator, but the working definition most counsel use is: unauthorized access to records containing PII or PHI, where the information cannot be confirmed encrypted or otherwise unreadable.
What the review team actually does
The review team’s job in a breach is narrower and deeper than in litigation. They are extracting names, contact details, account numbers, dates, and sensitive attributes from documents that may be partially OCR’d, multilingual, or in unusual formats. The output is a structured notification list, not coded documents.
The three failure modes
- Recall failure. Missing a person on the list is a regulatory and reputational risk. QC for breach prioritizes recall over precision.
- Entity-resolution failure. The same person appears in 12 emails but only gets notified once. If your tooling can’t resolve, you’ll over- or under-notify.
- Calendar failure. Most breach work fails on the deadline, not the substance. The fastest reviewers in the world don’t help if you start staffing on day 35 of a 60-day clock.
Talk to our breach team — most engagements scope in under 24 hours.