Unstructured Data = Not Important?
Lots of our data is there in well defined (well if you think that a Column Name of "NumS" makes something well defined) database columns. We know that we need to protect the values in the columns that we have deemed sensitive. (Whether we actually do it or not, is another story.)
However, some column data contains unstructured or free form text. This includes lab test results, diagnoses, names, transaction information, test results, addresses, phone numbers etc. What are we doing to find that information .... or are we playing Ostrich and hoping that no one will notice. (Certainly not those big bad hackers that may already be in our network.)
Do we have any type of automation behind our efforts ... or are we hoping that our speed reading course will really pay off. Will our automation continue discovery of sensitive data after the first one is found or are we just trying to check a box to say that we are done? (FYI, hackers ONLY look for the first piece of sensitive data in a note / comments field.)
And once we have found the data, what do we do now? How many copies of it are there for our good friends from Hackers R Us to go after? I'm sure that they will only go after production data, why would they possibly be interested in any other environments which may be less protected and are littered all over our network. @DataPrivacyDude