Data Mapping Personally Identifiable Information (PII)
A critical workstream for ensuring compliance with privacy regulations, and one that’s often overlooked, is the data mapping of PII in your systems. However, enterprise architects in many organizations assemble data maps without fully accounting for essential attributes needed to fulfill data subject requests. Compliance and Privacy Partners survey your organization to narrow down the systems and repositories where Personally Identifiable Information lives.
We simplify the process of working with application owners and administrators so you don’t have to. We find answers to questions like:
- Whether a system has PII (yes or no)?
- Whether it contains PII for consumers, employees, or third parties/vendors (or a combination)?
- What types of PII it contains (contact info, social security #’s, bank info)?
- What types of documents are collected, if any (resumes, leases, financial reports)?
- How is PII collected or entered into applications (by employees, by customers, by vendors)?
- Why is the PII collected (providing services to the customer, legal/regulatory operations)?
Understanding where the PII exists is critical to making sure CCPA disclosures and communications stay accurate. For example, at this time, the law requires companies to disclose any data they collect about employees but not to provide it as part of a request. Policies must be updated annually, so attributes should also be regularly updated to ensure consistency.
These comprehensive surveys produce a record that informs our privacy impact assessments and supports your privacy compliance exercises.