Why track your sensitive data
As a company, you should locate the files that contain sensitive information, for several important reasons:
- Compliance: Many countries and regions have laws and regulations that require companies to protect the sensitive information they have. In the EU, there is GDPR, which requires companies to protect personal data. If a company cannot find and protect this information, it risks breaking the law and being exposed to fines and legal consequences.
- Customer trust: Losing or leaking sensitive information can damage customer trust and reputation. If you do not know where this information is, you cannot protect it effectively against hacker attacks or data loss.
- Data governance: Finding and organizing sensitive information helps improve a company’s overall data governance. This makes it easier to know what data you have, where it is, who has access to it and how it is being used.
- Security: When you know how sensitive your information is, you can implement appropriate security measures, such as access control and encryption, to protect it from unauthorized access and misuse.
- Effective response to security breaches: If a security breach occurs, it is crucial to be able to respond quickly and effectively. If you don’t know where your sensitive information is, it can be difficult to determine what data has been compromised and how to respond.
Ultimately, it is important for companies to find and protect sensitive information as a fundamental part of their responsibility to protect customers, comply with laws and regulations, and maintain sound business practices.
How to find your sensitive personal data
When you need to find your files, emails and pictures with personal information, you should follow these 3 steps:
1. Know what to look for
The number of different types of personal information is huge. Therefore, it is a good idea, before you start finding your personal data, to define exactly what information you are looking for. Here is a list.
2. List your storage locations
Where do you and your team store all the data you collect? Here are a few types of locations that must be checked for sensitive data:
- Local drives
- Network drives
- Cloud storage
- Email folders
- Online services
Most companies do not just use one type of cloud storage, and most employees (unfortunately) do not always use their work computer or email. Therefore, the list of individual locations you will need to check for sensitive data will quickly become much longer.
3. Choose your method of finding data
Now you know what to search for, and where you might find it.
However, this only shows what a big job you have in front of you. How can you be sure you identify every ID number, credit card number, medical condition, political opinion, etc., that has made its way into your storage locations?
Here are three options for data discovery:
- DIY. Assign someone from your own team to sort through files. This option is expensive because it is so time-consuming. It is also prone to errors, and the process may itself expose you to a breach if it is not handled properly.
- Hire a service. Hiring a data discovery service to find your sensitive high-risk files is another option, but it still does not eliminate the risk of human error, it exposes sensitive data to more eyes, and it is very expensive.
- Get smart software. Using smart data discovery software to automatically find sensitive data in your systems is an easy, cost-effective way to perform regular data inventories and evaluate your risk exposure.
What to do once you have found your sensitive data?
Some companies may hesitate to perform a data inventory because they are afraid of the issues they might find. But in fact, just having the data inventory done will give you a huge advantage if you are audited by the authorities, as visibility and documentation are an important part of compliance. And if you are exposed to a cyber attack, a data inventory will help you hide the values
Here are a few additional things you can do once you have your data inventory:
- Make sure you have consent or another lawful basis to keep data you store
- Delete sensitive data that you no longer use or have no legal basis to store
- Restrict access to certain files to only those who need it
- Protect sensitive data at rest and in transit
- Prepare an impact assessment (DPIA) for your data. Download a free template here.
A smarter way to find your sensitive data
Instead of spending hours each month finding the data that contains personal data, you can solve the task much faster and more precisely with a digital tool. At Safe Online, we have developed DataMapper, which is a browser-based data discovery tool that uses artificial intelligence to find files, emails and images that contain personal data across the company’s data systems.