A breach of Personally Identifiable Information (PII) could result in an organization’s loss of public trust and legal liability.
While it is best practice for organizations to limit the use, collection, and retention of PII to only what is absolutely required for business purposes, organizations often do not know exactly what information is stored or where it is located, which makes it difficult to manage and protect effectively.
The danger for many enterprises is that they face critical challenges in identifying, classifying and managing PII in an organized and protected way, using a clear methodology to inventory information effectively.
Why is this a substantial concern? PII consists of key information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records and more, including, but not limited to, an individual's photographic image, fingerprints, handwriting, retina scans, voice signature, facial geometry, taxpayer identification number, passport information and credit card numbers.
A breach of PII could significantly damage a business.
To best leverage application portfolio management and protect critical information assets, an enterprise should consider working through five key steps of a PII traceability and management framework.
- Application Identification: An enterprise must keep an application inventory scorecard, complete with application name, business function, size, platform and benefits. The goal is to develop and support an assessment framework design to prioritize the application portfolio while aligning highly valued information assets with supported business capabilities.
- Discovery & Analysis: With data mapping, organizational support and extensive legal and security requirement identification, the discovery and analysis step in a PII traceability and management framework addresses the business functionality, data mapping and interfaces required to help organizations gain greater visibility of information assets.
- Assessment: An enterprise must identify key data that needs to be compliant or that strongly affects an important aspect of the business, so that it can eventually sort out the “Vital Few” from the “Trivial Many.” Such classification or ranking based on compliance, customer, and business impact helps the enterprise focus on the primary drivers of data challenges.
- Future State Roadmap Design: Based on prioritization, solutions will be developed. This step in the PII traceability and management framework covers the implementation strategy, technical design and architecture, and audit trail measures needed to manage the business and technical specifications of a phased approach to remediation planning.
- Project Implementation: With a focus on information governance and communication strategy, the project implementation step in a successful PII traceability and management framework manages the escalation of the PII management plan, as well as any application decommissioning actions.
Protect Sensitive PII Information
Customer data protection is an emerging source of growth and competitive information management advantage for enterprises across vertical markets. Protecting customer data and other PII sources is a top priority for both security and risk leaders, as well as business leaders. Customer data breaches and privacy abuses lead to major short-term costs from the immediate breach response itself, as well as long-term costs resulting from decreases in customer loyalty and retention, not to mention lost business opportunities.