Education & Training
Office of Information Security
Here’s what you need to know about documenting your data.
WHAT IS DATA INVENTORY?
A data inventory is a compiled spreadsheet that logs the types of data you collect on individuals, where the data is located within Penn State, and the business purpose of such data.
WHY DOES PENN STATE NEED DATA INVENTORY NOW?
Penn State must comply with the General Data Protection Regulation (GDPR), an EU regulation on data protection and privacy.
For more information on Penn State’s initiatives pertaining to GDPR, please visit: General Data Protection Regulation (GDPR).
WHY DOES HAVING A DATA INVENTORY MATTER?
A data inventory:
- Identifies information that must be tracked and safeguarded under the requirements of various laws, regulations, professional standards, or Penn State Policies and Standards (HIPAA, GLBA, NIST, AD95, etc.);
- Establishes compliance with applicable regulations, standards, and policies;
- Simplifies responses to e-discovery requests; and
- Accelerates breach incident investigation and containment.
WHAT SHOULD I INCLUDE IN MY DATA INVENTORY?
Each unit must provide a data inventory that includes the following:
- The type of data (biographical data, health data, etc.)
- The business purpose for the data (why does Penn State have this data?)