Information Governance
Healthcare Breach Response at Scale: 750K Patients, One Month
Morae processed 750K patient records across 160+ hospitals in one month with flat-rate breach response.
Case Study
Strategic Scoping Reduces DSAR Review and Protects Sensitive Data
When a banking client received a broad, vague DSAR from a former employee, Morae defined the legal boundaries of disclosure under GDPR, designed a targeted review workflow, and built a framework for handling future requests.
The Challenge
A banking client was served a DSAR by a former employee whose contract had been terminated on grounds of redundancy. The request was extremely vague, broadly seeking disclosure of all information mentioning the individual's name — including confidential business activities and information unrelated to the redundancy decision.
The client faced three core issues:
- The scope of the request was overly broad and lacked specificity.
- There was a risk of inefficient review and unnecessary disclosure of sensitive business information.
- The client needed to ensure compliance with GDPR and relevant legal precedent while maintaining cost efficiency.
Our Approach
Early Case Assessment
Morae's project management team conducted an initial scoping exercise to define entitlement boundaries under GDPR and case law. This assessment clarified that the data subject was not entitled to all documents mentioning their name, but only those relevant to personal data and the redundancy decision.
Workflow Design
Leveraging years of DSAR experience, Morae guided the client in developing a targeted review workflow. This approach prioritized documents containing personal data and excluded irrelevant or confidential business information, avoiding an inefficient "review everything" strategy.
Standardization for Future Requests
Morae assisted the client in creating a standardized DSAR response framework. This included clear communication templates to inform future data subjects of the limitations of DSAR disclosures, ensuring transparency and reducing ambiguity in subsequent requests.
Technology Enablement
Advanced filtering and analytics tools were deployed to streamline document identification and reduce review volume. Morae's technology-driven approach ensured accuracy, speed, and compliance throughout the process.
The Results
Morae significantly reduced the review population, delivering a cost-effective and timely solution. The client achieved full compliance with GDPR and legal precedent while avoiding unnecessary disclosure of sensitive business information. The standardized response framework also positioned the client for efficient handling of future DSARs.
Related Solutions
More Client Stories
Information Governance
Global Managed Review for a Cryptocurrency Investigation
Morae managed the review of 1M+ documents across four continents for a crypto regulatory investigation.
AI Managed Solutions
One Reviewer, 700 Pages: AI-Powered Contract Analysis for a $200M Tender
One reviewer used MorAI to analyze 700+ pages of tender documents for a $200M contract, saving three days.
Information Governance
From 2.9 Million Documents to 416: Precision Scoping for a Complex DSAR
Morae reduced a 2.9M-document DSAR to 416 disclosures through scoping and client-validated exclusions.
Information Governance
Multi-Language DSAR Review Across Documents and Audio
Morae scoped a multi-language DSAR across 144K documents and 90 hours of audio, excluding 90% from review.
Legal Technology
Cleaning Up Decades of Data Before a Records Management Overhaul
Morae used Discover to analyze 4TB of unstructured data, helping TRA clean up decades of ROT before migration.
Legal Technology
Modernizing Case Management for Client Transparency
Morae modernized case management at Gilchrist Connell with ShareDo, delivering in under six months.
Legal Technology
How cctax Built a Modern, Secure DMS with Morae’s iManage Cloud Solutions
Morae deployed iManage Cloud for a Clifford Chance spin-off, delivering a secure DMS from day one.