OneTrust, the market-defining platform helping organizations use data and AI responsibly, is unveiling the Privacy Breach Response Agent, an agent-based solution for improving the effectiveness and efficiency of incident response. Built with Microsoft Security Copilot, Privacy Breach Response Agent infuses data privacy programs with the necessary speed, scale, and precision required by modern enterprises.
The OneTrust Privacy Breach Response Agent is designed to unify various pieces of incident response and analysis—including both security requirements and regulatory privacy requirements if personal data was exposed. With traditional approaches to data privacy plagued by short response windows and fragmented notifications, Privacy Breach Response Agent uses AI agents to handle and analyze investigations more holistically, at a higher quality, and in a short period of time, according to OneTrust.
"An agentic approach to privacy will be game-changing for the industry,” said Blake Brannon, chief product and strategy officer at OneTrust. “Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built with Microsoft Security Copilot, the Privacy Breach Response Agent by OneTrust demonstrates how privacy teams can analyze and meet increasingly complex regulatory requirements in a fraction of the time required historically.”
At its core, Privacy Breach Response Agent combines OneTrust’s deep privacy and regulatory expertise with Microsoft Security Copilot’s generative AI (GenAI) capabilities, delivering an effective solution for handling incident response.
“We are pleased to see the work OneTrust is doing built on Microsoft Security Copilot, to deliver better outcomes for customers, and showing the potential of agentic AI,” said Andrew Conway, VP security marketing at Microsoft.
In the event of a breach, Privacy Breach Response Agent executes the following steps:
- Evaluates the scope of the breach, collecting information and notifying the privacy owner that the agent has begun investigating.
- Identifies jurisdictions of the individuals impacted and maps to the correct laws.
- Assesses regulatory requirements and determines the appropriate breach notification regulations.
- Generates guidance according to the agent’s breach response requirements mapping of the regulations to the specific incident, pre-populates an incident report, and provides relevant recommendations.
- Continuously collaborates with the privacy team to ensure stakeholders are informed and aligned through the breach response.
- Creates an audit log of each step, decision, and action it takes, as well as the regulatory data used to generate its guidance.
The Privacy Breach Response Agent by OneTrust will be available summer 2025. To learn more about OneTrust, please visit https://www.onetrust.com/.