PHI PII Identification

We'll work with you to extract relevant PHI and PII and give you and your legal counsel the best possible guidance around regulation and breach notification.

Contact us
/en-ca/services/cyber-risk/incident-response-litigation-support/phi-pii-identification service

When a data breach event occurs, one of your company’s most pressing concerns is deciding exactly who you need to notify, especially if sensitive PII and PHI data have been breached. With more than a decade of experience helping businesses manage data breach events, Kroll is uniquely positioned to assist your company with identifying precisely what PII and PHI may have been impacted by an event.

If your company had a data breach, how simple would it be to compile your notification mailing list based on the data that was exposed? The data related to your breach population is not always organized in neat columns and rows. At times it’s difficult to determine what was lost, which in turn makes it difficult to determine who, exactly, you need to notify. Over-notification can lead to unnecessary costs, but under-notification may run afoul of regulatory compliance concerns.

As well as securing data from digital sources, we can scan video and audio files, and also complete a physical document review, aggregating and consolidating the impacted data. We’ll work with you to develop a plan and approach to understanding the data at hand, isolate the PII and PHI data from various file types, organize it into logical categories, and provide guidance to you and your legal counsel on our findings. These efforts will not only provide you with a master notification list, you’ll know the types of PHI or PII involved so that you can provide targeted messages and identity monitoring services to those affected.

The master list is presented to you and your legal counsel so that you can make informed decisions about exactly who to notify, saving you money and putting you in the most defensible legal position. Our advanced data analytics, combined with our years of experience in forensic analysis, will help secure the best possible outcome for your organization.


Joel Bowers is a managing director
Joel Bowers
Managing Director
Cyber Risk
Jason N Smolanoff
Jason N. Smolanoff
President, Cyber Risk
Cyber Risk
Los Angeles
Marc Brawner
Marc Brawner
Managing Director and Global Head of Managed Services
Cyber Risk

How we can help

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,200 incidents per year and have the resources and expertise to support the entire incident lifecycle.


Case Study – Spearphishing Compromises Fuel Chain Credit Card Transactions, Ends in Ransomware

Feb 03, 2021

by Christopher Ballod

The Monitor

What are Magecart Attacks and How to Protect Against Them

Mar 29, 2022

by Laurie Iacono Michael Carulli