eDiscovery Leaders Live: Brian Wilson of BDO
Brian Wilson, Managing Director, Data Breach Advisory & Cyber Forensic Services at BDO USA LLP, joins George Socha, Senior Vice President of Brand Awareness at Reveal, for ACEDS #eDiscoveryLeadersLive.
“Brian leads BDO’s Data Breach Advisory services which assists organizations across the data breach lifecycle. He works with organizations to mitigate the risk of data breaches and identify when they occur; contain data breaches and minimize the impact on organizations; and to holistically remediate vulnerabilities, harden defenses, incorporate lessons learned, and comply with regulatory reporting requirements, consumer data breach notifications laws, and third-party contractual obligations. He has spent over 25 years helping organizations with their most complex and challenging issues across the legal, privacy, risk, compliance, crisis management, information governance, and cybersecurity functions. He specializes in integrating leading, purpose-built, and emerging technologies including cloud, machine learning, and artificial intelligence to process information at scale and reduce the time it takes to report credible, reliable, and repeatable results with unwavering quality, consistency, and transparency.
After sharing what brought him to his current role, Brian focused on data breach responses. He discussed the overall process and talked about what happens in the first 72 hours. Brain enumerated different forms of AI they use to improve the process of responding to data breaches, spending the bulk of his time on AI models – how they build and refine them, what they do with them, and the value they and their clients derive from them. He talked about the jurisdiction-based models they create, porting them from one matter to another, and stacking and packing them for greater effectiveness. Brian also discussed other forms of AI they use including image classification as well as working with structured data.
- [1:13] Introducing Brian.
- [1:36] Brian’s background, his path to BDO, and his role there.
- [3:49] Brian’s take on solving data breach issues.
- [4:48] Evangelizing AI and machine learning for addressing data breaches.
- [5:17] The first 72 hours in the life of a data breach response.
- [6:50] The major steps in the first 72 hours.
- [7:48] When they first use AI in data breach responses and how they use it.
- [9:38] What “data estate” means.
- [10:13] More about what they do with AI models.
- [12:35] Building, testing, and using AI models, especially portable ones.
- [13:37] Building and using AI models by jurisdiction.
- [14:34] Using a stack-and-pack approach to AI models.
- [15:06] Who they use to build AI models.
- [16:06] Refining AI models.
- [16:16] The inapplicability of AI bias concerns to the models they build.
- [16:43] The results they get by using AI models.
- [17:43] Clients’ comfort with this approach.
- [18:51] Jurisdictional challenges.
- [19:44] Addressing data inside versus outside the data estate.
- [21:22] Using image classification in data breach responses.
- [23:26] Addressing content in multiple languages.
- [24:17] Addressing audio and audiovisual files.
- [25:05] Addressing structured data.
- [26:13] What organizations facing a data breach should do.
- [27:36] Proactive measures companies can take.
- “[Solving data breach issues] is a little bit like the wild, wild west at the moment in terms of what tool, what technology, what talent is on the team helping our clients solve their issues, what processes they use.”
- “By and large, with a data breach you’re looking for the needle in the needle stack. You’re looking for that PII, PHI, highly sensitive information that’s been outside of the data estate for an organization. And you’ve got to do it quickly.”
- “When we get that data set that we know needs to be looked at, that’s where we start applying the AI rules and methodologies in the most efficient way. If I’ve got a client operating in California, I’m starting there and pulling out the AI model for California and looking for PII, PHI, data elements that would be relevant to the California privacy laws.”
- “I’m a big fan of continuous learning models and applying them strategically in order to prioritize the review and get information out quickly.”
- “[When using entity extraction], the first issue is getting the data elements linked back to me, and then which is the right me? And the third element is, if I’m going to get a notification…, where do I live? … That’s where AI really helps.”
- “We’re building models all the time and we’re testing models all the time…. The thing that we tend to spend a lot of time on is not just the development of the model but it’s feeding the model and training the model and then really looking at the results to make sure that we’re getting precision and recall on our results as the model is deployed.”
- “What we’re building and using is models that not just learn for the one engagement but models that we can continue to build on and hone and refine and mature as we continue to help our clients.”