With virtually every transaction and service having gone digital, and people moving most of their lives online, securing personally identifiable information, or PII, has taken on ever-increasing importance. Every data breach where PII is stolen is a reminder of why companies must focus on protecting customers’ and users’ PII.
However, for companies that have not been identifying and categorizing PII from the get-go, locating PII and other sensitive information throughout databases and networks can be as herculean a task as getting through your email inbox after returning from vacation.
Companies need to know what PII they have collected and where that information is within their networks. Otherwise, they will be tempting legal liability under privacy laws regulating the treatment of PII. Companies may also suffer a severe public relations hit if they become the victim of a data breach that includes PII that was not properly stored or managed.
Every organization that handles PII should familiarize itself with the many PII discovery tools that have come onto the market in recent years. These tools can make it easier for them to identify, locate, and secure any PII in their possession to comply with government regulations and to protect against data breaches.
PII Discovery Tools: Your Secret Weapon in the World of Data Privacy
PII discovery tools give companies the ability to manage the PII in their possession. Previously, they may have tried to secure PII with other types of software, such as data loss prevention or privacy software. However, this software may not have the same capabilities as PII discovery tools, like the ability to specifically target PII or to manage specific categories of PII.
While some companies may have a small enough amount of PII that they can manually find and manage it, others will have way too much PII to manually manage and will need automated tools to stay on top of all the PII on their networks.
Various state and national regulations around the world, such as HIPAA, the California Consumer Privacy Act, or the EU’s GDPR, as well as voluntary industry security standards like PCI DSS, require companies to know what PII is on their networks, where it is located, and how to access it for secure storage or in response to requests from the person the PII belongs to. Companies that do not follow regulatory standards may face government investigations, fines, or even shutdown orders until they comply with those standards.
Already drowning in software, some companies may resist buying more software because of the perceived costs of the tools and having to train their employees on them. But given the importance of managing and securing PII, dedicated PII discovery tools can offer efficiency that outweighs any issues integrating another software solution and can save money in the long run by helping to prevent a company from running afoul of privacy regulations.
Setting Your Sights: Defining Goals for PII Discovery
Companies can get the most out of new PII discovery tools by understanding what their PII management needs are and how specific tools can meet those needs. Establishing clear objectives for PII discovery solutions begins with identifying what kinds of PII your company collects. You should also identify the regulatory frameworks your company or platform must follow and what those regulations require your company to do regarding PII. Finally, you need to know how sophisticated your company’s IT staff is.
For example, smaller companies that don’t have dedicated, highly skilled IT teams might not want a complex PII discovery tool that requires technical knowledge to configure and maintain. Likewise, companies that don’t collect significant amounts of PII may not need a tool that offers significant capabilities. A less powerful, easier-to-use tool may do the trick.
Defining your company’s goals for PII discovery should be a collaborative process that involves your colleagues (and kickball teammates?) in operations, legal, and IT.
Inside the Toolbox: Unveiling the Power of PII Discovery Tools
There are a variety of PII discovery tools on the market today, with each platform offering different capabilities to suit various types and sizes of companies. Some of the top PII discovery tools available include:
- OneTrust – A solution used by many larger companies designed to comply with regulatory requirements. OneTrust uses PII detection machine learning to identify sensitive data. The tool also offers a third-party risk product for companies that do not solely own or control PII.
- Nightfall – A web-based SaaS that uses machine learning to identify PII, although the tool requires companies to set up configurations for handling PII. Teams can create configurations to delete extraneous data, quarantine PII, or trigger other alerts. Nightfall also offers integrations with many popular platforms, such as Slack, GitHub, Google Drive, and AWS. The tool has templates for compliance with regulatory schemes like HIPAA, GDPR, and CCPA.
- Egnyte – A SaaS tool designed for companies of all sizes. Egnyte uses AI and provides compliance settings for companies subject to SOX, HIPAA, or GDPR. The tool can search databases, device applications, and cloud collaboration/storage platforms.
- Azure Information Protection – A cloud-based solution that uses Azure Rights Management Services to secure PII data. Users can employ the automatic classifications in the software or configure custom classifications. These classifications can determine access rights and impose encryption.
Logikcull also offers a PII discovery and management tool. Logikcull’s tool provides a secured closed-loop system that allows managers to restrict employee access and provides a collaboration space. The tool can collect PII in seconds from various data sources your company may have, such as Microsoft or Google solutions, Box, or Slack, without you having to look at a single document. Logikcull automatically indexes, deduplicates, and sorts PII based on common search filters, such as DOBs, SSNs, phone numbers, or financial account numbers. Custodians can then locate categories of PII no matter where it lives on your company’s system.
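The category-based indexing and deduplication described above can be sketched with pattern matching plus a validation pass. This is an added example, not code from Logikcull or any other vendor named on this page; the detector patterns, function names, and sample documents are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

def luhn_ok(digits):
    """Luhn checksum: filters out 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(digits):
    """Reject SSN-shaped values in ranges that are never issued."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def dob_ok(text):  # accept only real calendar dates in MM/DD/YYYY form
    try:
        return bool(datetime.strptime(text, "%m/%d/%Y"))
    except ValueError:
        return False

# category -> (candidate pattern, validator run on the normalized match)
DETECTORS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    "card": (re.compile(r"\b(?:\d[ -]?){15}\d\b"), luhn_ok),
    "dob": (re.compile(r"\b\d{2}/\d{2}/\d{4}\b"), dob_ok),
}

def build_index(documents):
    """Return {category: {normalized value: sorted sources}}, deduplicated by value."""
    index = defaultdict(lambda: defaultdict(set))
    for source, text in documents.items():
        for category, (pattern, valid) in DETECTORS.items():
            for match in pattern.finditer(text):
                value = match.group() if category == "dob" else re.sub(r"\D", "", match.group())
                if valid(value):
                    index[category][value].add(source)
    return {c: {v: sorted(s) for v, s in vals.items()} for c, vals in index.items()}

# Constructed sample documents (not real data)
DOCS = {
    "hr/onboarding.txt": "Jane Roe, DOB 04/12/1988, SSN 123-45-6789, card 4111 1111 1111 1111",
    "slack/export.txt": "resend to 123-45-6789; order ref 1234-5678-9012-3456; test id 000-12-3456",
    "finance/refund.csv": "4111-1111-1111-1111,refund,02/30/2021",
}
```

The validators are what keep an order reference, an unissued SSN range, and an impossible date out of the results. An index like this is itself sensitive, so a real deployment would store masked or hashed values rather than the raw matches.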
How PII Discovery Tools Are Reshaping the Legal Landscape
PII discovery tools are a powerful solution for legal teams engaged in private litigation or another legal proceeding requiring that they produce documents. Many documents that companies must produce during litigation or other proceedings or in response to FOIA requests, such as investigative files or personnel files, may contain PII. However, PII must be redacted, lest counsel incur the wrath of their client, the individuals whose PII has been produced, the court, the bar, or government privacy regulators. With PII discovery tools, legal teams can quickly identify and redact PII data from documents that will be produced.
Many legal professionals who have decades of experience can share war stories about how, after walking to the office uphill both ways, they redacted PII by carefully reading printed documents and using white-out or black markers to physically cover up sensitive materials. Although technology later enabled redactions on electronic copies of documents, document reviewers still faced the risk of missing a piece of PII during a manual review. Early redaction software also often failed to block metadata, allowing a tech-savvy individual to access restricted information.
But today’s PII discovery tools speed up the redaction process and significantly reduce the risk of a company inadvertently disclosing PII.
Modern PII discovery tools help companies identify and secure personally identifiable information or personal health information more quickly and more reliably than traditional manual review. Various state, federal, and international regulations impose strict requirements on companies to protect customers’, users’, and employees’ PII. For many companies, locating and securing PII can seem overwhelming.
Thanks to AI and machine learning, today’s PII discovery solutions can reduce the time it takes to find, review, and redact PII to seconds, and integrate with other software tools to sweep an organization’s entire network in search of PII.
With PII discovery and management becoming faster and cheaper for even the largest companies to pull off, any company, regardless of its size, will be hard-pressed to explain why it collects PII without enlisting the help of PII discovery tools.