Personal Identifiable Information Tracking with Manta Tools
Every enterprise BI needs to deal with PII nowadays. How can Manta Tools help with that?
Personal Identifiable Information (PII) consists of data elements that alone or in combination can directly or indirectly lead to the identification of a specific individual. Any organization which handles such data needs to comply with strict data protection rules, otherwise they may face very high fines which can climb up to millions of EUR or even criminal prosecution.
Large BI solutions and data warehouse organizations typically store thousands of data elements, and many of them meet the criteria for PII. For example, when a data warehouse is expected to provide source data to generate lists of customers who will be mailed within a specific cross-sell campaign, then such a data warehouse simply has to contain customer names and addresses or e-mails. But this data must be isolated from other data so that the larger community of BI users cannot combine sensitive information, like bank account balances, transactions or credit card limits with customer names or their social security numbers.
What is needed, then?
It is often difficult to balance business requirements to access maximum sets of data with data protection rules. For example, a bank account number or credit card number alone does not necessarily need to be considered PII. Sometimes there are good reasons why even BI analysts need to use them, for example, when they merge different data sets where an account or credit card number is the only unique identifier available. But data protection officers should have a chance to make sure there is no additional data available (for example in data marts) that in context would build up sensitive PII.
Using Manta Flow and Manta Security Flow you can construct and analyze meta-data models that will identify PII in any component of your BI solution. But sometimes it is more difficult. For example, a data mart contains PII data, but end users can only access reports generated from this data mart which contain only aggregated values. In this case there is no breach of data protection rules, and this should be recognized during the analysis. Manta Tools can help here as well, as it can identify aggregations within the analyzed data transformations and suggest where in the data flow PII sensitivity is being dismissed.
Also, the anonymization of sensitive data takes place very often in BI solutions. Either data in sensitive fields is anonymized or it is replaced with surrogate keys – each record remains unique but cannot be used to identify objects in the real world. Manta Tools allows you to flag all data transformations where anonymization happens and treat all outputs from these transformations as non sensitive.
Any comments or questions? Just let us know in the form on the right or directly via email.