Data Mapping Project
Do you have a data mapping plan in place to identify and classify the personal information your entity collects?
What to do?
Conduct an information audit to determine what information you use and who has access to it. This will make complying with the PIPA and other privacy regulations easier.
Ensure there is an up-to-date data map, showing where data is stored, particularly personal data, which is essential for:
Robust information lifecycle management, including disposal of data that is no longer required to be retained;
Responding efficiently to a serious data breach by being able to quickly identify the types of information that have been subject to unauthorised access;
Demonstrating the measures in place to protect and secure personal data in accordance with the requirements of PIPA.
Check whether your processes include identifying and locating personal data in all the organisation’s systems. Consider cloud storage and any third-party systems that have been listed on the data map to identify all the locations where personal data is stored.
High-risk use of information may mean that entities should consider keeping an up-to-date and detailed list of processes to check privacy and security by design at all stages of use. Be prepared to show that list to regulators upon request.
Identify a Condition for your use of personal information. You will need to identify a Condition for using personal information under PIPA, Part 2: General Principles & Rules (Section 6).
Explain how the data is processed, who has access to it, and how you're keeping it safe.