Help Desk: (814)865-HELP security@psu.edu

Data Inventory

Here’s what you need to know about documenting your data.

 

What is a data inventory?

A data inventory is a compiled spreadsheet that logs the types of data you collect on individuals, where the data is located within Penn State, and the business purpose of such data.

What should I include in my data inventory?

Each unit must provide a data inventory that includes the following:

  1. The type of data (g., biographical data, health data, etc.)
  2. The business purpose for the data (e., why does Penn State have this data?)

For example:

Type of Data

Business Purpose

SSN

Paying employees

Why does having a data inventory matter?

A data inventory:

  1. Identifies information that must be tracked and safeguarded under the requirements of various laws, regulations, professional standards, or Penn State Polices and Standards(e.g., HIPAA, GLBA, NIST, AD95, etc.);
  2. Establishes compliance with applicable regulations, standards, and policies;
  3. Simplifies responses to e-discovery requests; and
  4. Accelerates breach incident investigation and containment.

Why does Penn State need a data inventory now?

Penn State must comply with the General Data Protection Regulation (GDPR), an EU regulation on data protection and privacy.  The implementation date of the GDPR is May 25, 2018.

For more information on Penn State’s initiatives pertaining to GDPR, please visit:

https://security.psu.edu/GDPR/.