priivacy

    PII Security Assessment

    Demo Scan (Copy)

    27 May 2026 — 27 May 2026

    Australian Privacy Principles

    Executive Summary

    Across 1 scan, this assessment analysed 70 files and identified 68 containing personally identifiable information (97.1% exposure rate), with 1,074 total PII instances detected. Of these, 22 critical and 1 high-risk files require immediate attention. Person Name is the most frequently detected PII type (356 instances).

    Files Scanned: 70

    Files with PII: 68 (97.1% exposure rate)

    Overall Risk Level: MEDIUM (Score: 44/100)

    Total PII Found: 1,074 (17 distinct PII types)

    22 Critical Risk Files

    These files contain highly sensitive PII with high identifiability, posing significant breach risk.

    Action: Review and remediate as priority

    135 Restricted Sensitivity Findings

    Restricted-sensitivity PII (e.g. TFN, SSN, credit card, passport) was detected and requires enhanced protection.

    Action: Apply encryption and access controls immediately

    Risk Overview

    Risk Score: 44/100 (MEDIUM RISK)

    [Charts: Risk Level Distribution; Sensitivity Distribution]

    PII Types Detected

    [Chart: Top PII Types by Instance Count]

    PII Type Details

    | PII Type | Sensitivity | Instances | Files |
    |---|---|---|---|
    | Person Name | INTERNAL | 356 | 41 |
    | Organisation Name | INTERNAL | 316 | 46 |
    | Credit Card Number | RESTRICTED | 100 | 1 |
    | Email Address | INTERNAL | 100 | 1 |
    | Location / Address | INTERNAL | 70 | 34 |
    | Nationality | INTERNAL | 35 | 19 |
    | Date of Birth | CONFIDENTIAL | 33 | 20 |
    | Passport Number | RESTRICTED | 28 | 17 |
    | Date of Expiry | CONFIDENTIAL | 16 | 16 |
    | Australian Address | INTERNAL | 4 | 1 |
    | Phone Number (AU) | INTERNAL | 4 | 1 |
    | Patient ID / MRN | RESTRICTED | 3 | 2 |
    | Racial / Ethnic Origin | RESTRICTED | 3 | 1 |
    | Driver's Licence | CONFIDENTIAL | 2 | 2 |
    | Gender / Sex | CONFIDENTIAL | 2 | 2 |
    | Australian Business Number (ABN) | INTERNAL | 1 | 1 |
    | International Bank Account Number | RESTRICTED | 1 | 1 |

    File Analysis

    [Chart: File Types Scanned]

    PII Exposure Ratio: 68 files with PII (97.1%), 2 clean files (2.9%)

    [Chart: Document Age Distribution]

    Remediation Priorities

    PII types ranked by risk, with retention age breakdown

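    | # | PII Type | Total | Current (0-7 years) | 7-10 Years | 10+ Years | Retention Risk | Risk | Score |
    |---|---|---|---|---|---|---|---|---|
    | 1 | Credit Card Number | 100 | 100 | - | - | - | 10/10 | 110 |
    | 2 | International Bank Account Number | 1 | 1 | - | - | - | 10/10 | 100 |
    | 3 | Passport Number | 28 | 28 | - | - | - | 10/10 | 100 |
    | 4 | Patient ID / MRN | 3 | 3 | - | - | - | 10/10 | 100 |
    | 5 | Racial / Ethnic Origin | 3 | 3 | - | - | - | 10/10 | 100 |
    | 6 | Driver's Licence | 2 | 2 | - | - | - | 7/10 | 70 |
    | 7 | Date of Birth | 33 | 33 | - | - | - | 7/10 | 70 |
    | 8 | Date of Expiry | 16 | 16 | - | - | - | 7/10 | 70 |
    | 9 | Gender / Sex | 2 | 2 | - | - | - | 7/10 | 70 |
    | 10 | Email Address | 100 | 100 | - | - | - | 4/10 | 50 |
    | 11 | Organisation Name | 316 | 316 | - | - | - | 4/10 | 50 |
    | 12 | Person Name | 356 | 356 | - | - | - | 4/10 | 50 |
    | 13 | Australian Business Number (ABN) | 1 | 1 | - | - | - | 4/10 | 40 |
    | 14 | Australian Address | 4 | 4 | - | - | - | 4/10 | 40 |
    | 15 | Phone Number (AU) | 4 | 4 | - | - | - | 4/10 | 40 |
    | 16 | Location / Address | 70 | 70 | - | - | - | 4/10 | 40 |
    | 17 | Nationality | 35 | 35 | - | - | - | 4/10 | 40 |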

    Priority Score: Risk Weight (1-10) x 10 + Retention Risk % x 0.5 + Volume Bonus (100+ items = +10, 1K+ = +20, 10K+ = +30). Amber rows indicate 30%+ items exceed 7-year retention. Red values indicate 10+ year old data requiring immediate review.

    Remediation Status

    Pending: 1,074

    Remediated: 0

    Reviewed: 0

    False Positive: 0

    Remediation Progress: 0%

    Compliance Overview — APP

    Australian Privacy Principles

    The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) regulate the handling of personal information by Australian Government agencies and private sector organisations. APP 11 requires entities to take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

    Key Findings

    1,074 PII instances detected across 68 files, requiring review under Australian Privacy Principles.

    22 files classified as CRITICAL risk — immediate action recommended.

    135 restricted-sensitivity findings detected (e.g. TFN, SSN, financial data).

    1,074 findings are pending remediation.

    Recommendations

    • Review and remediate all critical and high-risk findings as a priority.
    • Implement data minimisation policies to reduce unnecessary PII storage.
    • Apply appropriate access controls and encryption to sensitive data stores.
    • Schedule regular scans to monitor for new PII exposure.

    priivacy · Report generated 27 May 2026