PII (US) Checks & Test Suite
Presented by Esad Ismailov, November 2016



  • ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.

    Personally identifiable information (PII), or sensitive personal information as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. The abbreviation PII is widely accepted in the US context, but the phrase it abbreviates has four common variants based on personal / personally, and identifiable / identifying.

  • Challenge: Collecting Data

    What you use…
    • Current project files
    • Current reference docs

    What you need to keep…
    • Client records
    • Employee records
    • Previous project files

    What is this? Dark Data

  • [Most collected] data is garbage: 80% of data collected has no meaning whatsoever*

    Only 28% of data stored today represents any value to day-to-day business*

    Average cost of data management is 3.5% of revenue**

    * IDC Advisory & Research Services; ** Forbes

  • Challenge: Protecting Data

    Privacy and Information Security Concerns
    • Mobile access to content is a security risk
    • "Social" software can expose data more easily

    Information Governance Challenge
    • Accountability for regulated data
    • Audits for security and controls
    • Scalability

  • PII Impact, Breaches & Fines

    DealerBuilt: "If you bought a car in the last few years, there's a good chance your personal information may have found its way to the open internet."

    Office of the Comptroller of the Currency: "A U.S. bank regulator on Friday disclosed a data breach involving a former agency employee's unauthorized removal of more than 10,000 records."

    Anthem, Inc.: reported to Health and Human Services as an unauthorized access/disclosure; HHS provided no specifics on what information was compromised.

    Premier America Credit Union: "We recently learned that a departing employee of Premier America emailed to his non-Premier America account lists that reflected some of your personal information, in violation of our company policies."

    Toyota Motor Corporation: "On June 28, 2016, a TFS associate mistakenly emailed a spreadsheet containing customer information to her personal email account. The information compromised included account numbers, first and last names, telephone numbers, payoff amounts and maturity dates."

    California Department of Corrections and Rehabilitation: "An employee inadvertently e-mailed a document containing your personal information to the wrong person."

    • FCC fines AT&T $25M for data privacy lapse
    • FCC issues $10M fine in data breach to TerraCom/YourTel America
    • Sony hack: total costs hard to predict, on the order of 100M USD
    • Target CIO fired/resigns

    Sources:
    http://www.zdnet.com/article/bought-a-car-recently-millions-of-customers-records-found-online/
    http://www.wsj.com/articles/u-s-bank-regulator-notifies-congress-of-major-data-security-breach-1477684445
    https://oag.ca.gov/ecrime/databreach/reports/sb24-64011
    http://oag.ca.gov/ecrime/databreach/reports/sb24-63586
    http://oag.ca.gov/ecrime/databreach/reports/sb24-62703

  • PII (US) Response by AvePoint

    1. Identify PII your organization needs to protect
    2. Prioritize PII risks
    3. Locate where PII is across systems
    4. Create and enforce acceptable use policies with CG (Compliance Guardian)
    5. Educate your employees on acceptable use policies

  • How To Identify Information?

    1) Compliance Guardian PII (US) Test Suite
    2) Support Vector Machine (SVM)
    3) Identify Exact Matches – Fingerprint Check

  • Compliance Guardian US-PII Checks Overview

    A check is an XML file that defines the logic that Compliance Guardian uses to check files. Checks identify the purpose for the check (the type of check to run, such as a pattern of characters), the condition for the check (such as a social security number pattern), and the possible result of the check (true or false). Users can change the values in the checks to determine the check conditions, but the elements' specific format defined by Compliance Guardian in the checks must stay the same.

  • Compliance Guardian US-PII Test Suite Overview

    A test suite is a logical grouping of test definition files, or a set of checks, that define how to present the scanned data. Test suites allow you to build scan plans for your specific regulations and requirements. These collections are the basis of Compliance Guardian scans. A test suite contains one or more checks and a configuration file that is used to define how to combine these checks and set risk levels for scan results.

  • Identify Document Types using Support Vector Machine (SVM)

    Example document classes: Health Forms, Insurance Forms, Medical Reports, Clinical Results

  • SVM: Pre-process, Train & Predict (Step 1, Step 2)
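    The SVM slides name the three stages (pre-process, train, predict) and four document classes but show no implementation. The block below is an added example, not AvePoint code: it trains one-vs-rest linear SVMs with the Pegasos stochastic sub-gradient method on bag-of-words features, in pure Python so it runs offline. The training texts are constructed stand-ins for the four classes; a real deployment trains on hundreds of labelled documents.

```python
"""Document-type classification with a linear SVM: pre-process, train, predict."""
import math
import re
from collections import Counter, defaultdict

# Constructed training corpus: (label, text). Stand-ins for the deck's classes.
TRAINING_DOCS = [
    ("Health Form", "patient intake form allergies medications emergency contact signature"),
    ("Health Form", "health history form allergies immunizations medications patient signature"),
    ("Health Form", "patient consent form consent to treatment medications allergies"),
    ("Insurance Form", "insurance claim form policy number insured premium deductible coverage"),
    ("Insurance Form", "policyholder enrollment form policy number premium beneficiary coverage"),
    ("Insurance Form", "claim submission form insured policy number deductible benefits"),
    ("Medical Report", "radiology report findings impression fracture physician dictated"),
    ("Medical Report", "discharge summary report diagnosis findings physician treatment plan"),
    ("Medical Report", "pathology report specimen findings diagnosis physician"),
    ("Clinical Result", "lab results hemoglobin glucose reference range specimen collected"),
    ("Clinical Result", "blood panel results cholesterol glucose reference range abnormal flag"),
    ("Clinical Result", "lab test results creatinine potassium reference range"),
]


def preprocess(text):
    """Step 1: lowercase, tokenize, build an L2-normalised term-frequency vector."""
    counts = Counter(re.findall(r"[a-z]+", text.lower()))
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {term: c / norm for term, c in counts.items()}


def dot(w, x):
    return sum(w.get(term, 0.0) * value for term, value in x.items())


def train_binary_svm(vectors, labels, lam=0.01, epochs=200):
    """Pegasos: minimise lam/2 * ||w||^2 + mean hinge loss; labels are +1 / -1."""
    w = defaultdict(float)
    t = 0
    for _ in range(epochs):
        for x, y in zip(vectors, labels):
            t += 1
            eta = 1.0 / (lam * t)
            hinge_violated = y * dot(w, x) < 1.0   # decided with the current w
            for term in list(w):                    # shrink (regularisation step)
                w[term] *= 1.0 - eta * lam
            if hinge_violated:                      # sub-gradient of the hinge loss
                for term, value in x.items():
                    w[term] += eta * y * value
    return dict(w)


def train(docs, **kwargs):
    """Step 2: one-vs-rest, one weight vector per document class."""
    vectors = [preprocess(text) for _, text in docs]
    classes = sorted({label for label, _ in docs})
    return {c: train_binary_svm(vectors, [1 if label == c else -1 for label, _ in docs], **kwargs)
            for c in classes}


def predict(model, text):
    """Predict: the class whose separating hyperplane scores the document highest."""
    x = preprocess(text)
    return max(model, key=lambda c: dot(model[c], x))


def training_accuracy(model, docs):
    return sum(predict(model, text) == label for label, text in docs) / len(docs)


if __name__ == "__main__":
    model = train(TRAINING_DOCS)
    print("training accuracy:", training_accuracy(model, TRAINING_DOCS))
    for sample in ("lab results glucose reference range abnormal",
                   "insurance claim form policy number premium due"):
        print(sample, "->", predict(model, sample))
```

    The pre-processing step is where most of the classification quality is decided: the features here are plain word counts, so a scanned image or a PDF with no text layer yields an empty vector and an arbitrary class. In practice OCR or text extraction runs before this step, and terms that appear in every class (here "form", shared by health and insurance forms) get little weight because the training pushes them in both directions.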

  • Identify Exact Matches – Fingerprint check
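    The deck names the fingerprint check as the way to find exact matches of a known document but does not describe how it works. The block below is an added example of one common approach, not Compliance Guardian's implementation: a protected document is reduced to hashed word shingles, a scanned document is an exact match when its normalised content hashes to the same value, and a partial match when enough of the protected shingles reappear, which also catches a single row forwarded out of a customer export (the Toyota and Premier America incidents on the breaches slide). The customer export, the scanned documents and the class and threshold names are constructed for the example.

```python
"""Fingerprint check: detect copies and excerpts of a registered sensitive document."""
import hashlib
import re
from typing import Dict, List, Set, Tuple


def normalize_tokens(text: str) -> List[str]:
    # Lower-case and split on whitespace/commas so a re-saved copy with different
    # casing, line breaks or column spacing still produces the same fingerprint.
    return re.findall(r"[^\s,]+", text.lower())


def digest(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def shingle_hashes(tokens: List[str], k: int) -> Set[str]:
    # Hash every run of k consecutive tokens. Only hashes are kept, so the index
    # does not itself hold the sensitive values in clear.
    return {digest(" ".join(tokens[i:i + k]))[:16] for i in range(len(tokens) - k + 1)}


class FingerprintIndex:
    def __init__(self, k: int = 3):
        self.k = k
        self.registered: Dict[str, Tuple[str, Set[str]]] = {}

    def register(self, name: str, text: str) -> None:
        tokens = normalize_tokens(text)
        shingles = shingle_hashes(tokens, self.k)
        if not shingles:
            raise ValueError(f"{name}: fewer than {self.k} tokens, cannot fingerprint")
        self.registered[name] = (digest(" ".join(tokens)), shingles)

    def check(self, text: str, partial_threshold: float = 0.1) -> List[dict]:
        tokens = normalize_tokens(text)
        full = digest(" ".join(tokens))
        candidate = shingle_hashes(tokens, self.k)
        hits = []
        for name, (reg_full, reg_shingles) in self.registered.items():
            # Fraction of the protected document that reappears in the scanned one.
            coverage = len(candidate & reg_shingles) / len(reg_shingles)
            if full == reg_full:
                hits.append({"source": name, "match": "exact", "coverage": coverage})
            elif coverage >= partial_threshold:
                hits.append({"source": name, "match": "partial", "coverage": coverage})
        return hits


# Constructed data: a protected customer export and three scanned documents.
CUSTOMER_EXPORT = """customer_id,name,ssn,balance
1001,Alice Example,123-45-6789,12500.00
1002,Bob Sample,234-56-7890,980.50
1003,Carol Demo,345-67-8901,77200.10
"""
REFLOWED_COPY = """CUSTOMER_ID, NAME, SSN, BALANCE
  1001 , Alice Example , 123-45-6789 , 12500.00
  1002 , Bob Sample , 234-56-7890 , 980.50
  1003 , Carol Demo , 345-67-8901 , 77200.10"""
EXCERPT = "Forwarding one row: 1002, Bob Sample, 234-56-7890, 980.50"
UNRELATED = "Quarterly roadmap for the platform team"


def build_demo_index() -> FingerprintIndex:
    index = FingerprintIndex(k=3)
    index.register("customer_export.csv", CUSTOMER_EXPORT)
    return index


if __name__ == "__main__":
    index = build_demo_index()
    for doc in (REFLOWED_COPY, EXCERPT, UNRELATED):
        print(index.check(doc))
```

    Coverage is measured against the protected document, not the scanned one, so a long e-mail that quotes one row still scores that row; the threshold decides how small an excerpt is worth an incident. A pattern check such as the SSN check cannot tell a customer's record from a test value, whereas the fingerprint check fires only on content registered as sensitive, which is why the two are complementary rather than alternatives.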

  • Slide outline

    PII (US) Checks & Test Suites
    What is PII?
    Challenge: Collecting Data
    Slide 4
    Challenge: Protecting Data
    PII Impact, Breaches & Fines
    Slide 7
    How To Identify Information?
    Compliance Guardian US-PII Checks Overview
    Compliance Guardian US-PII Test Suite Overview
    US-PII Personal Information Test Suite Logic
    US-PII Test Suite
    US-PII: Define Scope
    US-PII: Define Scope Settings
    US-PII: Configure Scan Rule
    US-PII: Configure Action Rule
    US-PII: Configure Action Rule – Redact/Pseudo-anonymize Passport Number
    US-PII: Configure Action Rule – Add a tag/classify the document and start an incident
    US-PII: Configure Action Rule – Move a document to another location
    Identify Document Types using Support Vector Machine
    SVM: Pre-process, Train & Predict
    Identify Exact Matches – Fingerprint check
    Demo: Real Time Data Discovery & Classification in SharePoint
    Demo: Sensitive Personal Information (six slides)
    Demo: Sensitive Personal Information Notification
    Incident Management Center – All Scan Records
    Incident Management Center – Summary
    Incident Management Center – Scan Details
    Incident Management Center – Taken Actions
    Incident Management Center – Violation Highlight Report
    Incident Management Center – History
    Report Center – Dashboard (five slides)
    Report Center – Platform Heatmap
    Report Center – Test Suite Heatmap (two slides)
    Slide 44
    Untitled
    PII (US) Checks & Test Suite, Presented by Esad Ismailov, November 2016