LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Implementing the NIST Privacy Framework

Unlock the full course today

Join today to access over 24,200 courses taught by industry experts.

Data inventory and mapping

Data inventory and mapping

From the course: Implementing the NIST Privacy Framework

Start my 1-month free trial Buy for my team

Data inventory and mapping

“

- [Instructor] The first category in the Identify-P function is data inventory and mapping. This is where you categorize your organization's data processing by systems, products or services that is used to inform your organization's privacy risk management activities. What this really means is that you create an inventory of any asset that touches personal information, because any of those points can lead to a privacy data breach. From the NIST Privacy Framework Core documents, you can see the specific details listed in each subcategory for the inventory and mapping category. I'll explain each at a high level. It starts by listing the sensitive personal data in your environment. Do you process personally identifiable information, protected health information, cardholder data, tax information, browsing habits, et cetera? Each should be classified as personal data and included in your inventory sheet. See the…

Contents