Enterprise Data Privacy – PII & PHI Data Classification

Data classification is broadly defined as the process of detecting, identifying, confirming, and tagging PII, PHI data by labeling them into categories. Lines of businesses, downstream technology environments and ad hoc DSAR requests can use the classified data for meeting Data Privacy compliance requirements. Artificial Intelligence and Machine Learning technology makes it possible to hyper-accurately classify unstructured, semi-structured and structured data into proper categories that was previously not possible.

The classified data, along with its metadata fields and their tag values are then used to determine who can access the data, how long it should be retained and how it can most efficiently be retrieved through search queries and dashboards.

Implementing data classification best practices helps organizations manage and structure their unstructured, semi-structured and structured data efficiently to optimize the Data Privacy compliance process. Classification and tagging strategies should not be left to engineers’ discretion. Prior to implementation, an assessment should be done to determine the sensitivity and criticality of data being collected, and how users can access the data.

‍

Below is a set of possible steps you may consider:

1. Detect, Identify, Confirm and Tag the PII and PHI data your organization collects and receives.
2. Know which legal and compliance requirements apply
3. Determine if any RBAC controls need to be implemented
4. Work with data stewards, system owners, users, and analysts to determine what classification will be most effective to meet Data Privacy compliance

Classifying data appropriately, organizations can Redact and Mask PII and PHI data in most complex data environments to meet Data Privacy compliance and GDPR/NIST/CCPA customer preferences.

“Tagging used to be the exclusive domain of the urban graffiti artists; now geeks can be cool too and learn the art of metadata tagging using the Data Safeguard’s ID-Redact and ID-Mask products’,” said Elliott Lowen, Data Safeguard Inc’s Chief Privacy Officer.

‍