Search Close Talk to Sales
Relativity
Search
Popular Links
RelativityOne
Relativity aiR
Move from on-prem to RelativityOne
Artificial Intelligence
e-Discovery
Legal Hold
Collection
Early Case Assessment
Data Breach Response
Relativity Contracts
RelativityOne Government
Proactive Security
Close

Baker McKenzie Avoids Review of 300K Docs & Cuts Extraction Efforts by 75% with Relativity aiR for Data Breach Response

Customer Since
2013

Headquarters Location
Chicago, IL

Share Their Story

How did they do it?

  • Combined aiR for Data Breach Response with human expertise to successfully deliver results across two cyber incident responses
  • Used aiR for Data Breach Response to concentrate their review on documents more likely to contain personal information (PI) and to extract entity information from PI-containing documents
  • Delivered structured, notification-ready lists under regulatory deadlines, avoiding review of ~300,000 documents and cutting extraction effort by ~75%

Defensible Answers at Breach Speed, Without the Rework

In incident response, teams are expected to move quickly without sacrificing accuracy. It’s a big ask: they need to identify personal information, connect it to impacted individuals, and produce defensible outputs – all under tight deadlines and all while giving stakeholders clarity on business and commercial exposure.

Across two recent matters, Baker McKenzie showed how expert-led workflows combined with Relativity aiR for Data Breach Response can reduce manual effort and accelerate decisions without sacrificing rigor.

Incident 1: Dark Web Data Publication

A cybersecurity incident resulted in dark web publication of data relating to the client, the employees, the client’s vendors and vendors’ employees, and potentially third parties. Baker McKenzie needed to assess the data set for PI to determine statutory reporting obligations, while simultaneously identifying commercially sensitive information (CSI) included in the exfiltrated set.

Two workstreams, one coordinated outcome

Baker McKenzie designed parallel review workstreams with distinct teams and directives. The PI review team combined best-in-class PI search terms with Relativity aiR for Data Breach Response to focus review on a subset of documents more likely to contain PI.

Within that population, aiR for Data Breach Response helped extract entity information from documents containing PI. In-scope documents were further categorized by data subject type to determine whether any PI related to the client’s employees, an important step for notification analysis.

In parallel, the CSI review team reviewed all documents in the exfiltrated set to identify commercially sensitive information. As an additional quality assurance measure, the CSI team also checked for PI in documents outside the PI review population.

Fewer documents, faster answers

By limiting the PI review population to documents more likely to contain PI, the PI review team avoided reviewing nearly 300,000 documents. Of the 384,554 documents reviewed by the PI team, 877 documents contained PI, and none were for employees of the client.

Incident 2: Stolen Employee Data & Notification Readiness

A cybersecurity incident resulted in the theft of data belonging to the client and their employees. The team needed to identify PI to support statutory reporting obligations, under tight time and cost constraints.

A two-phase workflow built for scale

Following file analysis, threading, and deduplication, 515,832 documents were promoted to the RelativityOne workspace for review. Baker McKenzie assembled a team of reviewers and executed a two-phase approach. The first phase (“PI scoping”) determined whether a document contained PI. The second phase (“entity extraction”) captured data subject name, contact information, and PI data points connected to each individual.

Relativity aiR for Data Breach Response supported the workflow in two places:

  1. It helped flag documents that contain PI.
  2. It accelerated the entity extraction work needed to transform in-scope documents into structured, person-level outputs.

The extracted data was consolidated based on unique identifiers into single entity data rows, forming the final notification list.

Faster extraction, lower cost, stronger throughput

At the close of review, the team identified 12,413 documents with PI. Some in-scope documents contained only one data subject with an associated PI element, while others contained many hundreds of data subjects with multiple PI elements. The deployment of Relativity aiR for Data Breach Response reduced the entity extraction phase by approximately 75%.

Baker McKenzie continues to utilize technology like Relativity aiR for Data Breach Response to drive cyber incident response speed, efficiency, and strategic clarity, helping teams move from uncertainty to defensible answers faster. By combining experienced legal judgment with AI-powered workflows for PI identification and entity extraction, Baker McKenzie is able to deliver higher-quality outcomes under tighter timelines, reduce rework, and help clients make confident decisions when it matters most.

Ready to see what Relativity aiR can do for you?

Get a Personalized Demo