Personal data, especially in healthcare, seems to breed on its own, which is why, like the dinosaurs in Jurassic Park, it’s critical to keep close tabs on where it is and how it is used. First stop: a data inventory.
Nick Weil and Mayesha Awal (LinkedIn) of Epsilon Life Sciences explain that a data inventory is necessary because often organizations don’t have a strong handle on their data. You need to take a noun and verb approach, they explain. The noun addresses where the data is: what computers, servers and file cabinets it is stored in. The verb speaks to what is being done with the data. What are the processing activities? What functions are accessing the data?
It’s good information to have for its own sake, but under data protection regimes ranging from GDPR in Europe to HIPAA in the US, it is essential.
It is also a project that is often filled with surprises. Compliance teams conducting an inventory may discover a wide range and types of data processing activities. These can include GPS information, payment card method, biometrics and much more. Plus, of course, there are the number of ways that vendors may be using the data, and what information may be in the Zoom call that just got recorded.
Listen in to learn more about how to uncover and manage the data in your organization’s inventory.