AP2I: Adaptive PII Scanning and Consent Discovery System

Abstract

Currently, there are several off-the-shelf Personal Identifiable Information (PII) scanning tools available as an assistive tool to find the PII in the network and system endpoints such as server, personal computer, devices, or cloud storage. Most tools have been designed to support General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPPA), California Consumer Privacy Act (CCPA) etc. In Thailand, the Personal Data Protection Act (PDPA) will be enforced in May 2021. Organizations in Thailand are thus now going to be faced with more challenges in relation to security and privacy than they have ever had before. In this paper, we propose a AP2I system which is an adaptive PII scanning and discovery tool for helping the organization to automatically discover and manage PII for enhancing their privacy policy and satisfying PDPA compliance. Our AP2I consists of four key modules including (1) Converter converting text to csv format, (2) PII Scanner scanning the PII based on the extended function of Presidio, (3) Consent checker checking the analyzer and recognizer function of Presidio for the scanning process, and (4) PII inventory storing well-organized PII identifying PII records, data subject, and their source. We also conducted the experiment to demonstrate the efficiency of our proposed system.