How to remediate PII?

Radim ŘehůřekPersonal Data Protection, PII Remediation, Sensitive Data Remediation

PII Tools lets you automatically quarantine, erase, and redact files and emails to sanitize high-risk data. It works equally well over local data (file shares, laptops, devices) and cloud data (including Exchange emails and their attachments, Sharepoint, OneDrive), so let’s explore how to apply remediation to your workflow.

Let’s assume you’ve already identified where the sensitive data lives and which files and emails pose high risk. We’ve covered this in our article How to Identify Personal Data in the 21st Century. Accurate PII discovery is the essential “first step” before taking any action, so check it out if you haven’t.

Now you need to remediate the records, to contain their risk. “Remediate” is an umbrella word for a number of possible actions:

  1. You can erase the affected records (the simplest option).
  2. Move them to a different, access-restricted location, for further review and analysis. Also called quarantine.
  3. Encrypt the records to restrict access in-place.
  4. Leave them in place but surgically redact (mask, pseudonymize) the PII inside the original files.
  5. And finally, assign a label to an entire document so that other software, such as firewalls and email clients, know to treat the document specially (labeling, classification).

Starting with the April 2021 release, PII Tools supports remediation natively. You can quarantine, erase, and redact any files, emails, and email attachments straight from the dashboard, and labeling is coming next.

How does remediation work?

PII Tools offers an end-to-end workflow for DPOs, InfoSec, and legal teams, from personal data identification to tracking remediation activities for auditing.

Such remediations are useful as a part of compliance audits, data subject deletion requests (“right to erase” – GDPR, CCPA, etc.), cleanup during data migration projects, or just as a general best practice for keeping all your data clean and safe.

To get a clearer picture of how this all works in reality, let’s go over the workflow steps one by one.

1. Find sensitive data

To find the record(s) of interest, enter a search query into the PII Tools Analytics Dashboard. Let’s say you’re working toward a PCI audit. As a first approximation, pull up all objects (files, emails, database records…) containing any FINANCIAL information, classified at CRITICAL severity:

Note the “REMEDIATE ALL” button in the top-right corner. This is one of the starting points for moving from discovery (scanning, “read-only” mode) to remediation (taking action, affecting data)

2. Review & remediate

You can choose to remediate all records at once, or, after a manual human review, remediate only a selected subset of records.

For Office 365 emails (Exchange Online), you can even choose to remediate individual email attachments – leaving the rest of the email untouched.

Either way, the remediation process is started in the background. Its progress is displayed in the Remediation tab because large remediations (think erasing thousands or millions of files from a Windows file share) can take a while.

Remediate the filtered results in bulk, or choose which records to remediate individually.

Now, having worked with clients for over a decade, we realize each company is different and prefers a slightly different workflow. Remediation is no exception – I bet you have your own unique ideas about what constitutes “high risk” in your company, and what steps to take to mitigate it within your own IT infrastructure.

So we added one more workflow to PII Tools – remediating from a list of locations. This is the most hands-off option. Simply collect the locations-of-objects-to-remediate in an offline file, or have your users collect them for you, and then submit this file to PII Tools for bulk redaction.

For large PII Tools installations, this is often the preferred method. An administrator distributes offline PII Tools reports to employees, asking “Which of these high-risk files do you want to keep? Let me know by the end of the month; everything else from the report will be automatically deleted.” The employees respond with the (locations of) their files they wish to keep, and the administrator quarantines or deletes everything else automatically from the PII Tools dashboard.

3. Track changes for auditing

For the purpose of activity audits, compliance, and DSAR management, PII Tools keeps a detailed account of each remediation action taken. This audit record includes a timestamp of “when the action took place”, what kind of action it was, over which objects, plus the action’s result – including an error message in case the action failed (e.g., the data storage wasn’t accessible, or lacking write permissions).

Optionally, you can supply a Remediation note. This can be anything that helps you identify the reason for a particular remediation, for your future reference and for auditors.

All audit records, including the note, may be viewed in the web UI dashboard as well as exported out of PII Tools in a CSV format.

Does the remediation of personal & sensitive data sound like something you need? Book a free demo with our data protection expert.