Many companies don’t have a firm grasp on where personally identifiable information lives in their information assets, much less have solid, defensible policies and procedures in place for protecting that information. If the Data Accountability and Trust Act (HR 2221), which just passed the House in the beginning of December, is passed into law all companies will have to overhaul their records management practices to not only protect this information, but also to identify and monitor any vulnerabilities that might pose a risk to this information.

You can’t protect information if you don’t understand what it is, or where it exists. In order to be prepared to comply with the DATA Act, a company must asses all of their records and understand where they are storing personally identifiable information about customers, employees, vendors, etc. If a company takes a proactive approach to understanding their information landscape, they will be better prepared to comply with the new regulations and they will also be able to mitigate many of the security risks that companies are unwittingly vulnerable to.