Case Study
Data Subject Access Request Document Review
With the advent of GDPR, companies entered a new era of regulation around how they collect, handle and store personal data belonging to EU citizens. This includes the fulfillment of data subject access requests (DSARs), in which individuals can exercise rights and inquiries relating to the personal information an organisation has about them and how it is managed. In the first year of GDPR enforcement, more than 70 percent of surveyed organisations indicated an increase in DSARs.
Situation
In this matter, the DSAR was related to a potential employment issue and involved U.K.-based documents. The request came with a tight deadline of only four business days and followed a few months after a mediated allegation by the requestor involving claims of bullying and harassment. Given the client’s longstanding relationship with FTI Consulting, it engaged the firm’s U.K.-based managed review team to review documents for the request.
FTI Consulting completed review and redaction of thousands of documents within a four-day timeline in response to the data subject access request served on FTI’s client, a U.S. based software company.
Using a combination of automated redactions for email addresses and phone numbers, reviewer QC of automated redactions, manual redactions for commercially sensitive, privileged, and/or sensitive personal information related to individual’s other than the requestor, FTI was able to ensure documents were fully prepared on-time for the production deadline.
Solution
Leveraging FTI Consulting’s U.K.-based forensic technology and managed review team, a fast-paced review was initiated. FTI led the matter, providing the client with:
- Deployment of an adequately sized team of experienced qualified lawyers in the U.K., in less than 24 hours.
- Organisation of review workflow, including prioritisation of documents with less than 20 recipients as more likely to include the requested data.
- First-level review of more than 5,000 documents.
- Documents eligible for redaction organised into workflows based on email thread and near duplicate scoring, to increase the efficiency and consistency of review team’s redactions.
- Redaction review to ensure the removal of any commercially sensitive, personally identifiable, and/or privileged information that should not be visible to outside parties.
- Redaction in native format for large excel sheets and in image format for other file types.
- Quality control workflows and oversight to ensure a thorough and defensible review.
Our Impact
Compliant fulfillment of DSAR review in less than four days.
Results provided by FTI Consulting’s managed review team included:
DSAR Completion
FTI Consulting’s team applied specialised DSAR workflows and technologies including email threading and near duplicate identification to perform a first level review of approximately 5,000 documents, and tagged roughly 400 documents for automated redaction to ensure an on-time and efficient fulfillment of the DSAR.
Rapid Response
Qualified lawyers were deployed within 24 hours, to begin review quickly and within the short turnaround time.
Commercially Sensitive, Privileged, and PII Redactions
FTI ensured removal of PII not belonging to the data subject, along with privileged and/or commercially sensitive information, providing efficient, image and native format redactions for 400 documents.