Before enterprises can achieve PII compliance, they must first identify every source of sensitive information in their possession. However, because most personally identifiable information is hidden within unsearchable and legacy documents that are spread across ECMs, fileshares, email systems, and servers, many sources of PII often go undetected and unnoticed.
Read on to learn how organizations can reduce their PII footprint by tapping into the capabilities that file analytics platforms can offer.
Step #1: Define PII Compliance Policies
The first step towards achieving PII compliance is to build a robust PII policy. An effective policy needs to be created around the principle that no PII will be held anywhere in the company, unless it has business value, and unless there are regulatory reasons for retaining it.
PII compliance requires that you redact, migrate, cordon, encrypt, or password-protect PII data. But good policy means distinguishing between PII that can generate future value for your business or is necessary for current operations (e.g., credit card numbers at point of sale) and data that has proliferated into fileshares or emails for other uses (e.g., as part of a dataset for a marketing research project). Good policies also distinguish between that same rogue PII and the data that must be preserved to ensure compliance with regulations (e.g., records of customer conversations).
Step #2: Locate All PII & Complete an Audit That’s Aligned with Policies
Once you have created the PII policy that ensures you can protect customer data while retaining your ability to derive business value from it, the next step is to use file analytics to find PII wherever it resides in your enterprise. File analytics enables you to identify PII, convert assets containing PII into searchable formats, and extract values from those documents. In short, file analytics allows you to perform an audit on all your PII and evaluate whether that data is compliant with your policies.
Because file analytics can highlight information assets that contravene your policy, it gives you a “stick” to enforce compliance. Being able to locate, flag, and remediate dubious PII gives you the opportunity to “corral the cowboys” while staying on the rails.
Step #3: De-Duplicate Redundant PII
Once your PII audit is complete, the next step is to bring order to the content chaos you have uncovered. When file analytics searches your data stores and examines all the unstructured data that may have been hidden from you (emails, attachments, TIFFs, etc.), it inevitably reveals copious amounts of duplicate data—data that was collected for an initial, valid business reason, but then copied for other internal uses. This is a great time to remove all that redundant, obsolete, and trivial (ROT) data by de-duplicating. Taking this step will significantly reduce your entire content store. When you get rid of the ROT, you’ll be left with a greatly reduced PII footprint that’s easier to manage.
Step #4: Use File Analytics to Automate PII Remediation
Once you have removed duplicate data, the next step is to determine what to do with the questionable PII flagged by your audit. In most cases, the sheer volume of highlighted files will make any kind of manual approach to remediation impossible. The flagged documents are, instead, best dealt with using file analytics’ process automation and workflows. These powerful, machine-learning-based tools allow you to create automated workflows to deal with every type of PII remediation that’s needed for PII data security.
Files that need to be retained can be transformed into PDF/A assets for long-term digital preservation. Documents that are appropriate sources of PII, but just in the wrong place, can be cordoned or migrated to secure systems. In other cases, policy might call for automated workflows to encrypt, password-protect, or redact the rogue PII in question.
Step #5: Commit to These Steps on an Ongoing Basis
The final step in reducing your PII footprint is to recognize that the first four steps will help you achieve compliance in the short term. As your enterprise continues to operate and evolve, and as data proliferates along with it, your PII footprint will only reanimate itself if you don’t manage it on an ongoing basis.
The best practice for maintaining PII compliance is to review and revise your policies continually and run file analytics audits daily, so that duplicate content can be removed and flagged PII can be migrated, cordoned, or redacted. This requires no extra work since you already know where all your PII is located, and you will have built the file analytics workflows to deal with every eventuality. File analytics workflows can run automatically every night or outside of business hours, which minimizes operational disruptions.
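The audit, de-duplication, and flagging described in Steps 2 through 4 can be illustrated in miniature. The following is an added example, not code from this article or from any file analytics product: it hashes already-extracted text to find exact duplicates, detects card numbers (Luhn-validated to cut false positives) and SSN-like values, and flags PII found outside a policy-approved location. The approved prefix, the patterns, and the sample files are all constructed assumptions.

```python
import hashlib
import re

# Constructed policy: the only location with a business reason to hold PII.
APPROVED_PREFIXES = ("pos/",)

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN layout

def luhn_ok(digits):
    """Luhn checksum: filters out order IDs and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pii(text):
    kinds = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        kinds.add("card_number")
    if SSN_RE.search(text):
        kinds.add("ssn_like")
    return kinds

def audit(files):
    """files maps path -> extracted text. Returns (flagged, duplicates)."""
    seen, flagged, duplicates = {}, {}, {}
    # Visit approved locations first so the copy that survives is the sanctioned one.
    for path in sorted(files, key=lambda p: (not p.startswith(APPROVED_PREFIXES), p)):
        digest = hashlib.sha256(files[path].encode("utf-8")).hexdigest()
        if digest in seen:
            duplicates[path] = seen[digest]      # exact copy: candidate for removal
            continue
        seen[digest] = path
        kinds = find_pii(files[path])
        if kinds and not path.startswith(APPROVED_PREFIXES):
            flagged[path] = kinds                # PII outside policy: remediate
    return flagged, duplicates

# Constructed sample corpus (paths and contents are illustrative, not from the article).
SAMPLE = {
    "pos/terminal-07.log": "auth ok card 4111 1111 1111 1111",
    "marketing/research/dataset.csv": "name,card\nA. Example,4111-1111-1111-1111\n",
    "shares/tmp/dataset.csv": "name,card\nA. Example,4111-1111-1111-1111\n",
    "shares/hr/notes.txt": "SSN 123-45-6789 on file",
    "shares/ops/orders.txt": "order 4111111111111112 shipped",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run nightly against a fresh extraction, the `flagged` map is the remediation queue and the `duplicates` map is the removal list; the 16-digit order number is ignored because it fails the Luhn check.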
Enterprises that leverage file analytics to excise content chaos and ROT data are well-positioned to meet PII compliance requirements and get a handle on rogue PII. By utilizing file analytics to pick up where manual efforts fall short, you will no longer have to worry about the risks of hidden PII lurking in dark formats. Additionally, with a clean, streamlined, and fully searchable dataset, you will be better positioned to harvest value and greater insights from your data in the future.