It’s no surprise that with the blender approach to funneling data throughout the enterprise and organization the concern about Personally Identifiable Information (PII) is high in the minds of C-level folks and SharePoint administrators.
After all, when you consider the go-to sources available today, such as Libraries, lists, Dropbox folders, Amazon EC2 storage, SkyDrive and file shares, to name a few, how does one go about buttoning down the hatches, so to speak, with proper security, governance and compliance backstops put in place?
At first blush, these elements are simply monitored, wherever they might exist because the SharePoint taxonomy is, well, lacking thereof. Let’s face it, sometimes the person who puts the data "there" is the only one who really understands what it is.
Too, project team members may choose to store files and documents in MySite, or SkyDrive, to access from home or where ever when they want to.
Moreover, when it comes to making sure all of this data and information is ISO 9001 compliant, the unfortunate outcome is avoidance of these strict regs for all documents: documents during and after the project.
In comes down to knowing the how of migrating information, say, if one is upgrading to 2013. Overall, it requires a tagging and classification of data and information, particularly the PII-related stuff: credit cards and health profiles; social security numbers.
In short, all of those strict requirements set forth by HIPPA, FISMA and GLBA must be adhered to, making sure it doesn’t get ‘lost’ in the cloud and ends up in an employees MySite---or, worse, on a hard drive at home.
Lastly, PII going into file repositories, whether file servers, SharePoint, Office 365, or SharePoint Online, requires greater measures of security. Site sponsor CipherPoint Software provides security software that encrypts SharePoint data, file server data, and that encrypts Office 365 files. They also provide access controls, and file access audit reporting.