By Nathan Alamillo, Northwestern Pritzker School of Law third-year law student, and Dan Linna.


The Catalog of Law Firm Innovations identifies innovative tools that law firms have implemented to improve their delivery of legal services to their clients. An updated version of the Catalog, which will be released in early 2023, contains more than 825 entries, including seventeen law firms that have created data-breach assessment tools. These tools help clients react to data-breach incidents and provide guidance about how to comply with data privacy laws of various jurisdictions. These seventeen law firms each created one to three data-breach assessment tools of varying forms and uses.

A data-breach assessment tool is a computer-based product that clients can use to obtain a legal solution and guidance when they experience a data breach, or to prevent data-breach incidents. These tools may take the form of algorithmic tools that assess the risk of a client’s situation by obtaining responses from the client as inputs and producing an output, typically a data-breach risk assessment report. A client inputs their factual circumstances, usually by answering a series of questions in a survey or digital interview, and then receives responses in the form of potential action items to their data-breach incident. These tools provide a useful and cost-effective product to clients that gives them guidance on how to react to their specific scenario.

In the Catalog, most of the data-breach assessment tools are classified as an “expert system.” This is a rule-based product that organizes expert knowledge and provides direction to clients who input information in response to questions. However, data-breach assessment tools take a variety of forms, with some of them serving as “information management” or “data analytics” tools, depending on how they assist clients.

Data-breach assessment tools are a leading example of the productization of legal services. As compared to legal-services delivery in other areas, data-breach assessment tools provide an example of how law firms can give clients legal solutions in non-traditional forms. A handful of examples illustrate the variety of data-breach assessment tools that law firms are offering.

The LexShift Data Breach Notification Advisor is an example of a data-breach assessment tool that provides clients “automated analysis and advice” so that they can comply with federal and state data-breach notification laws. The tool learns about the client’s factual scenario through a digital interview, performs an analysis through an algorithm, and produces answers for clients. Through the tool, end-user clients receive legal guidance and advice.

DLA Piper’s “NOTIFY” is a “web-based tool” designed to bring “consistency and accountability into data-breach response handling.” The firm describes the tool as using a quantitative approach to measuring data-breach risks by using an algorithm to create an automated risk assessment report. DLA Piper says that the tool reduces what would be hours of conversation to perform a risk assessment of a company.

Reed Smith’s “Breach RespondeRS” works similarly. The tool identifies common factual data-breach situations and provides clients with a response to their data-breach incident. Clients answer a set of questions, and the tool identifies common risks to be addressed in a data-breach investigation.

CMS’s “Breach Assistant” is a slightly different type of expert system tool. It is an interactive mobile platform that provides clients legal advice on how to deal with a data breach. After clients answer questions in the app, they receive guidance on various data laws, a data-breach response checklist, and a digital menu advising whether a client must notify regulators and individuals.

Based on the data we’ve collected for the Catalog, eight UK law firms have created fifteen of these data-breach tools and eight US law firms have created twelve of these tools. Furthermore, we have seen that these tools are only a recent development. Seven out of the twenty-eight of these tools have been introduced in the past three years.

We are in the process of completing a significant update to the Catalog of Law Firm Innovations, which we plan to launch in early 2023. If you are aware of a law firm innovation that is not listed in the Catalog, including data-breach assessment tools, please use this link to submit it so that we can include it in the upcoming update to the Catalog.