PII location whitelist
Yes, it’s a stretch…
“Unstructured Data containing PII or SPI should not be found outside whitelisted (approved) locations.”
The expected outcome from this recipe is a list of files in unsafe locations that contain PII or SPI.
Crawl your data sources and assign them to datasets appropriately.
Create an advanced search. NOW Privacy automatically detects many flavours of PII and SPI . Use the count types of PII to detect files above a threshold of PII which meets your risk concerns.
Add a search term based on the file path to exclude specific locations from the search.
You can include as many of these as you need to exclude all locations which are considered approved by using an OR condition between the locations.
If a specific file is considered a valid location, you can use a combination of a path and file name to identify it unambiguously.
The result is a list of items that match your search terms. You can save the search to run again.
To track the progress of the policy over time, you can create a workflow from your advanced search.
NOW Privacy's workflows run advanced searches on a query for you, and tag the results automatically.