Serious Harm Assessment Using Agentic AI
Tuo Zeng, Head of AI and Data Science, Meaningware AI
Jun 3, 6 min read
What is Serious Harm Assessment
Under the OAIC’s Notifiable Data Breaches (NDB) scheme, Serious Harm Assessment (SHA) is a mandatory process whereby organisations determine whether a data breach is likely to result in significant physical, psychological, emotional, financial, or reputational damage to individuals. It is part of the OAIC’s criteria for determining whether a data breach is notifiable. The diagram below outlines the key analysis required for producing a serious harm assessment.

A serious harm assessment requires multi-faceted analysis drawing upon the breached personal information, the circumstances of the data breach and the nature of the harms to individuals. To carry out SHA analysis, a data breach incident handler usually engages multidisciplinary expertise including law firms, consultancies specialising in privacy regulation and legislation, data forensics, third-party or in-house cybersecurity, IT and data governance teams. They collaborate in:
Collection of breached data and incident information
Analysis of personal information disclosed in breached data
Cross-checking and cross-referencing breached data and contextual information with internal and external knowledge
Gathering evidence and authoring reports
Because these activities are labour and knowledge intensive (even though privacy information discovery is increasingly supported by AI technologies), SHA remains largely a manual process, incurring significant time and financial cost for breached clients and cyber insurance underwriters. Once a data breach is believed to have occurred, organisations have only 30 days to assess the suspected breach and must notify the OAIC and affected individuals if serious harm is likely. Therefore, any technological advancement in automating the SHA process is welcomed by breached victims, incident handlers and insurance underwriters.
Why is Agentic AI Applicable
Agentic AI is a type of AI that operates autonomously, making decisions and pursuing goals without asking for human guidance. In contrast to vanilla LLMs, agentic AI is able to drive multiple reasoning steps and autonomously call external services/tools to gather information and execute actions. If the goal is to produce an SHA report for each affected person in a data breach incident, the key components of SHA map to agentic AI capabilities as explained in the table below.
| Serious Harm Assessment Requirements | Supported by Agentic AI |
| --- | --- |
| Multidisciplinary expertise | Emulating multidisciplinary experts’ reasoning and analysis using Chain-of-Thought (CoT) |
| Analysis of large quantities | Using tools to query personal information and sensitive information in a database |
| Cross-checking and cross-referencing | Maintaining context windows that combine aggregated personal information, contextual information and internal/external knowledge to make decisions through LLM prompting |
| Evidence presentation and reporting | Tracing reasoning steps; configuring tools for report generation |
Agentic Serious Harm Assessment
To integrate agentic-AI-enabled Serious Harm Assessment into an NDB reporting workflow or data mapping solution, we propose the four-tier architecture shown below:

Raw data layer. This layer includes the breached dataset (e.g. email archives, documents and database dumps or samples) as well as digital evidence (e.g. attack logs, reports produced by cyber security SMEs). The data is typically made available for analysis by cyber and/or IT teams after breached data is quarantined. Agentic AI only reads data in this layer.
Privacy Intelligence layer. This layer maintains the privacy information discovered from the raw data: personal information, sensitive information and the affected persons. To support the SHA requirement of analysing the circumstances of the data breach, this layer must link each discovered item of privacy information back to the raw data, so that breached information stays visible in its context. Meaningware’s automated privacy discovery tool, PIN, builds a database of personal information from the scanned data and fits this purpose nicely, although other personal information repositories can also serve it.
Assessment layer. This layer hosts AI agents that perform assessments such as Serious Harm Assessment. The SHA agent is configured with reasoning steps defined by the OAIC NDB serious harm assessment methodology. It is also configured to query the privacy intelligence layer about disclosed personal information (ref. Breached PI), to explore its context by following links to the raw data (ref. Understand circumstances of breach) and to consume information in incident reports (ref. Analyze nature of harms). More advanced reasoning involves studying corporate privacy policies and industry regulatory frameworks to detect gaps in compliance with these stated principles.
Business process layer. The assessment agents can be exposed as an API to participate in a corporate workflow for data breach control or as a proactive governance solution.
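To make the mapping in the table above and the layered design concrete, here is an added example (not Meaningware’s PIN code) of a minimal SHA agent loop: it calls a tool for the privacy intelligence layer, calls a tool for incident evidence in the raw data layer, follows each disclosed item back to its source document, and records a reasoning trace. The LLM reasoning step is replaced by an assumed, deterministic rule table, and all records, field names and harm rules are constructed for illustration.

```python
# Constructed privacy-intelligence layer: disclosed PI items, each linked to the
# raw-data document it was discovered in (assumed schema, not real data).
PRIVACY_INTEL = {
    "person-001": [
        {"type": "tax_file_number", "source": "DOC_A.pdf"},
        {"type": "bank_account", "source": "DOC_A.pdf"},
        {"type": "home_address", "source": "DOC_B.mht"},
    ],
}
# Constructed incident evidence from the raw-data layer (assumed fields).
INCIDENT = {"cause": "ransomware", "data_published": True, "encrypted_at_rest": False}
# Assumed harm rules standing in for LLM reasoning:
# harm -> (PI types that trigger it, base likelihood on a 1..3 scale).
HARM_RULES = {
    "identity_theft": ({"tax_file_number", "bank_account"}, 2),
    "financial_loss": ({"bank_account"}, 2),
    "physical_safety": ({"home_address"}, 1),
}
LEVEL = {1: "low", 2: "moderate", 3: "high"}

def query_pi(person_id):          # tool call into the privacy-intelligence layer
    return PRIVACY_INTEL.get(person_id, [])

def incident_report():            # tool call into the raw-data layer (read-only)
    return INCIDENT

def assess(person_id):
    """Return a traced per-person assessment: overall likelihood, harms, evidence."""
    trace, harms = [], {}
    records = query_pi(person_id)
    present = {r["type"] for r in records}
    trace.append(f"breached PI: {sorted(present)}")
    rep = incident_report()
    adj = 0                        # circumstances of the breach adjust likelihood
    if rep["data_published"]:
        adj += 1; trace.append("data was published: likelihood raised")
    if rep["encrypted_at_rest"]:
        adj -= 1; trace.append("data encrypted at rest: likelihood lowered")
    for harm, (triggers, base) in HARM_RULES.items():
        hits = triggers & present
        if not hits:
            continue
        score = max(1, min(3, base + adj))
        evidence = sorted({r["source"] for r in records if r["type"] in hits})
        harms[harm] = {"likelihood": LEVEL[score], "evidence": evidence}
        trace.append(f"{harm}: {sorted(hits)} in {evidence} -> {LEVEL[score]}")
    overall = max((v["likelihood"] for v in harms.values()),
                  key=lambda l: list(LEVEL.values()).index(l), default="none")
    return {"person": person_id, "overall": overall, "harms": harms, "trace": trace}
```

The returned trace and per-harm evidence list are what the business process layer would render into the report; a person with no disclosed PI yields an overall likelihood of "none".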
Example
At Meaningware.ai, we piloted an agentic SHA system on top of the PIN platform using the architecture described above. Like many NLP projects, our study used a subset of the Enron dataset, which contains about 500k emails from various employees and associates of Enron, an American energy company that went bankrupt in 2001 due to fraud and corruption. One such employee, “Rick Shapiro”, was an executive at Enron. Within the Enron dataset, there are two documents about “Rick Shapiro”:
MWPI1327.PDF: a financial investment portfolio
MWPI1346.mht: an email trail
After our system scanned the Enron dataset, we asked PIN to produce an SHA about “Rick Shapiro”. PIN produced the following assessment:
Based on the provided information, the likelihood of Rick Shapiro experiencing serious harm if this data is involved in a data breach is HIGH. Here is an assessment of the potential harms, their likelihood, and the resulting consequences:
1. Identity Theft (High Likelihood, Severe Consequence)
2. Significant Financial Loss (High Likelihood, Severe Consequence)
3. Threats to Physical Safety (Moderate Likelihood, Severe Consequence)
4. Harassment, Humiliation, or Social Friction (Low to Moderate Likelihood, Moderate Consequence)
Conclusion
The most critical risks to Rick Shapiro stem from the exposure of his Social Security Number, home address, and highly detailed financial accounts. Immediate remediation measures—such as placing a freeze on his credit, notifying his financial institutions to flag his accounts for fraud, and monitoring his personal email for phishing attempts—would be highly recommended to mitigate the severe risk of identity theft and financial ruin.
Key Takeaways
We demonstrated that agentic AI can be applied effectively to automate serious harm assessment under the OAIC NDB scheme. Additionally, we showed how the key aspects of SHA methodology can be systematically mapped to a multi-layered agentic AI architecture.
Our pilot specifically highlights the ability of the agent to reason about the regulatory specifications outlined by the OAIC NDB scheme. This reasoning can be tailored to specific incident scenarios. For example, if the current data breach is caused by internal exfiltration or ransomware, the reasoning can be tailored to the nature of the attack, and the cybersecurity team’s reports can be used as evidence by the SHA reasoning process.
Law firms and privacy advisories regularly produce SHA reports. However, the sheer volume of affected documents and persons in a data breach matter makes it impractical to report SHA for each affected person, considering the amount of work involved in gathering and cross-checking evidential details. With agentic SHA, we demonstrate that this can be done automatically, at scale and at low cost.
