PHI PII Identification

We'll work with you to extract relevant PHI and PII and give you and your legal counsel the best possible guidance around regulation and breach notification.

When a data breach event occurs, one of your company’s most pressing concerns is deciding exactly who you need to notify, especially if sensitive PII and PHI data have been breached. With more than a decade of experience helping businesses manage data breach events, Kroll is uniquely positioned to assist your company with identifying precisely what PII and PHI may have been impacted by an event.

If your company had a data breach, how simple would it be to compile your notification mailing list based on the data that was exposed? The data related to your breach population is not always organized in neat columns and rows. At times it’s difficult to determine what was lost, which in turn makes it difficult to determine who, exactly, you need to notify. Over-notification can lead to unnecessary costs, but under-notification may run afoul of regulatory compliance concerns.

As well as securing data from digital sources, we can scan video and audio files, and also complete a physical document review, aggregating and consolidating the impacted data. We’ll work with you to develop a plan and approach to understanding the data at hand, isolate the PII and PHI data from various file types, organize it into logical categories, and provide guidance to you and your legal counsel on our findings. These efforts will not only provide you with a master notification list, you’ll know the types of PHI or PII involved so that you can provide targeted messages and identity monitoring services to those affected.

The master list is presented to you and your legal counsel so that you can make informed decisions about exactly who to notify, saving you money and putting you in the most defensible legal position. Our advanced data analytics, combined with our years of experience in forensic analysis, will help secure the best possible outcome for your organization.

/en-ca/services/cyber-risk/incident-response-litigation-support/phi-pii-identification /-/media/feature/services/cyber-risk/incident-response-litigation-support-desktop-banner.jpg service

Incident Response and Litigation Support

Contact Us


Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk



Case Study – Spearphishing Compromises Fuel Chain Credit Card Transactions, Ends in Ransomware