Information governance and privacy services

Using forensic and electronic discovery technologies and tools, EY teams help organizations inventory and align sensitive and critical data to its enterprise systems and develop data maps to track data throughout its life cycle. Data maps allow an organization to understand whether personal information is being used or stored beyond its original, lawful purpose and to implement the proper controls for sharing data with third parties.

EY teams help organizations design and implement workflows to efficiently respond to DSARs based on their data privacy requirements, processing activities, organizational structure and IT environment. In designing workflows to address a DSAR, EY teams identify when it is necessary to redact non-relevant and confidential information across the enterprise and build in the appropriate processes. Aided by an interactive EY case management tool, compliance and legal professionals can review DSARs for relevancy, privilege and confidentiality. The tool’s robust audit trail capability allows investigators to perform thorough reviews and provide strong supporting documents in the event of a regulatory inquiry.

Privacy impact assessment (PIA) — EY teams review a solution’s entire life cycle to identify potential compliance gaps, and document how privacy protection is embedded based on relevant regulatory or legal requirements. Operating under one standard global methodology, they also help build PIA workflows and controls for ongoing compliance monitoring as the solution evolves over time. Using AI and data analytics technologies, the teams perform risk analysis to provide the organization with the risk and business insights it needs to solidify its privacy risk management programs.

To identify various scenarios of data misuse and privacy violation by third parties, EY teams perform contractual reviews, fact-finding interviews and forensic data analyses. The work focuses on a wide range of potential risky areas, such as data removal, transmission, encryption and audit. EY professionals use these investigative and forensic findings to help organizations benchmark against their peers, develop impact analyses and remediation plans, as well as prepare for potential litigation or regulatory inquiries.

EY teams help companies manage separation activities for both electronic and physical documents during complex merger and acquisition activities. Using advanced text analytics, electronic discovery and document review technologies, EY professionals collaborate with companies throughout the transaction and help them develop principles, guidelines, decision matrices and detailed plans for data separation and integration. Services also include demand and capacity planning, release coordination, inventory creation and overall project governance. EY teams offer a “low-touch” approach for hard copy records that relies on statistical sampling and machine learning to reduce the need for manual reviews.

EY professionals work with organizations to manage legal and compliance concerns resulting from the improper use of AI and analytics for various business and operational purposes. The services cover a wide range of risk scenarios such as employee error, algorithmic bias, faulty algorithm design, malicious manipulation and poor data quality, all of which can compromise the intended outcome of AI systems and lead to noncompliance with data protection and privacy regulations. The EY team has professionals with deep knowledge and experience in data science, algorithm design, forensic investigation and cybersecurity. They stay on top of the latest digital risks and AI use cases to help organizations safeguard their digital assets and comply with regulatory requirements while using AI and data analytics to meet business objectives.

EY professionals help design and implement disposition decision frameworks that leverage innovative workflows and technologies, including advanced analytics, to dispose of data that has exceeded retention and legal preservation requirements. The work includes working with legal counsel to inventory an organization’s legacy and active preservation requirements and develop technology-enhanced workflows that efficiently operationalize both routine disposition and individual requests by data subjects to delete their personal information. EY professionals also assist legal, compliance and IT departments to identify retention requirements for records and enterprise information to meet regulatory and business obligations while also supporting timely disposition.