Data Systems: Add PII to Data Categories

One of the key data mapping exercises is to identify which data systems contain PII. In addition, certain data privacy laws, like CPRA in California, also now require additional tracking and rights when it comes to what is being called sensitive data. To make that part of the mapping process easier for our customers, we will want to add the ability for built-in and custom data categories to indicate whether or not they contain PII and, if so, what type of PII data.

Feature Overview

• Add single-select PII field to Data Categories.
• Single-select options:
  • No
  • Standard
  • Sensitive
• Enable ability to change the PII type for new and existing Data Categories in the Admin UI and via the Privacy API.
• Add PII setting to built-in read-only Data Categories.
• Business to use the following list to determine the PII type for our built-in Data Categories. Here are the relevant categories according to GDPR:
  • Names
  • Home addresses
  • Emails
  • Identification card numbers (such as social security, passport etc.)
  • Location data (such as geolocation through a phone)
  • IP addresses
  • Search and browser history
  • Health-related and biometric data (Sensitive)
  • Ethnic information (Sensitive)
  • Political convictions (Sensitive)
  • Religious beliefs (Sensitive)
  • Sexual orientation (Sensitive)
• Current Category Mappings:
  • Name = Standard
  • Email Address = Standard
  • Postal Address = Standard
  • Phone Number = Standard
  • Government Identification = Standard
  • Date of Birth = Standard
  • Credit/Payment Card Number = Standard
  • User Generated Content = No
  • IP Address = Standard
  • Device = Standard
  • Education = Standard
  • Employment = Standard
  • Business/Company = Standard
  • Demographics = Sensitive
  • Location = Standard
  • Military Status = Standard