Exclude PII / PCI / PHI From a Breach Report

Radim ŘehůřekData breach, Personal Data

When responding to a breach incident, having a clear idea who's affected and how is a matter of urgency. Manual discovery of PII information is tedious and costly, so automated solutions come in handy. But how to deal with false positives?

PII Exclusions

One typical task during a data review is removing unwanted data instances. PII Tools already automates PII / PCI / PHI detection with unparalleled accuracy, but sometimes a specific datum is not to be presented to the client for whatever legal or compliance reasons.

PII Tools release 3.7.0 brought a new UI to exclude PII conveniently straight from the analytics dashboard:

PII Tools animation, exclude unwanted PII

Exclude PII from the dashboard on a case-by-case basis.

There's a new tab called – unsurprisingly – "Exclusions" to manage the exclusion rules. Each rule is applied to every PII detection at report-generation time, to determine whether to include that detection in the report or not.

This is an important point: PII Tools still does its advanced machine learning data crunching behind the scenes, to detect all PII, including from images (photos of passports, ID scans…), structured and unstructured files, emails etc. So the excluded PII is still detected and kept in your inventory – it just won't appear in reports. This means that if you change your mind later and delete an exclusion, you will "unmask" its PII instantly, without a need to re-scan the data.

PII screenshot, exclude passport

Exclusions are applied at report-generation time, not at scan time, to allow exclude / include without a re-scan.

For technical details and API endpoints (yes, exclusions get their own programmatic access, just like every other feature in PII Tools), refer to the online product documentation: https://documentation.pii-tools.com/#exclusions.

Apart from PII Exclusions, release 3.7.0 introduced a new type of report, "Affected Persons". This is another convenience feature for breach incident response & security teams; read more about that in the Affected persons post.

This is an article about PII Tools, our on-prem (self-hosted) software for accurate personal and sensitive data discovery. PII Tools uses proprietary context-aware AI technology to make the life of CISO, Security, Legal & Privacy teams easier.

Questions? Want to see a live demo? Contact us.


Download our AI whitepaper

Detecting Personal Names in Text