What is Personal Information Mapping?

Personal Information Mapping is the process of building an inventory of every personal information (PI) element that the organization deals with and mapping associated details such as:

  • Where is the data stored?
  • How does it flow?
  • Who has access to the data?
  • Who controls it?
  • Which third parties have access to this data?
  • What is the data being used for?
  • What kind of processing is the data subject to?

The PI Map has to be a ‘live’ one: it needs to be continuously updated to keep up as the organization evolves and grows.

Why does an organization need a Personal Information Map?

An organization’s entire privacy initiative pertains to its Personal Information. If the organization does not even know where its PI lies or what is going on with its PI, how will it put in place the requisite measures, controls, processes, etc. to implement its privacy policy?

Therefore, the PI map forms the foundation on which an organization’s entire privacy program is based. Without the visibility that this generates, it is not possible to implement the program.

Building the PI Map

It is important to understand that building a PI map is a humongous task in most organizations. The reason is that most organizations have an asset-centric view of their information infrastructure. In other words, they have a detailed map of each asset in the organization. However, what is usually missing is a ‘data-centric’ view: a view of which piece of data lies where, under whose control, etc. A PI Map provides precisely this.
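To make the difference between the two views concrete, the following added example (not part of the original article) inverts a small asset-centric inventory into a per-element PI map and records unanswered questions as gaps. The asset names, field names and record layout are constructed assumptions, and it covers only the storage, access, control, third-party and purpose questions from the list above.

```python
from collections import defaultdict

# Constructed asset-centric inventory: one record per asset, the way an
# asset register typically holds it. "fields" maps PI element -> purpose.
ASSETS = [
    {"asset": "crm-db", "owner": "Sales Ops", "access": ["sales", "support"],
     "third_parties": ["MailVendor"],
     "fields": {"email": "marketing campaigns", "phone": "support callbacks"}},
    {"asset": "hr-share", "owner": "HR", "access": ["hr"],
     "third_parties": [],
     "fields": {"email": "payroll notices", "national_id": ""}},
    {"asset": "analytics-bucket", "owner": "", "access": ["data-team"],
     "third_parties": ["CloudAnalytics"],
     "fields": {"email": "usage reporting"}},
]


def build_pi_map(assets):
    """Invert asset records into one entry per PI element (data-centric view)."""
    pi_map = defaultdict(lambda: {
        "stored_in": [], "controllers": set(), "access": set(),
        "third_parties": set(), "purposes": set(), "gaps": [],
    })
    for a in assets:
        for element, purpose in a["fields"].items():
            entry = pi_map[element]
            entry["stored_in"].append(a["asset"])
            # Access is recorded per asset, so this is an upper bound on
            # who can reach the element, not a field-level answer.
            entry["access"].update(a["access"])
            entry["third_parties"].update(a["third_parties"])
            if a["owner"]:
                entry["controllers"].add(a["owner"])
            else:
                entry["gaps"].append(f"no controller recorded for {a['asset']}")
            if purpose:
                entry["purposes"].add(purpose)
            else:
                entry["gaps"].append(f"no purpose recorded for {a['asset']}")
    return dict(pi_map)


if __name__ == "__main__":
    for element, entry in sorted(build_pi_map(ASSETS).items()):
        print(element, entry["stored_in"],
              sorted(entry["third_parties"]), entry["gaps"])
```

Re-running the inversion whenever the asset register changes is one way to keep the map ‘live’; the gaps list shows where the asset-centric records cannot answer a data-centric question.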

