What happens if a disaster damages physical records containing PII and we cannot tell what was exposed?
When a fire, flood, or other disaster damages physical records containing personally identifiable information (PII), and you cannot reconstruct exactly what was in them, you face two overlapping problems: a potential privacy exposure and a recordkeeping loss. Uncertainty is not a reason to do nothing. Treat it as a triggering event and work the problem methodically.
Stabilize and secure the scene first
Before anything else, protect what remains. Restrict access to the affected area, secure salvageable records, and prevent further loss or unauthorized viewing. Document the condition of the materials with photographs and notes. This both supports recovery and creates a record of your response.
Reconstruct scope from surrounding evidence
You rarely have to start from zero. Use indirect evidence to estimate what was exposed:
- File plans, indexes, box inventories, and retention schedules that describe what should have been in the affected location.
- Database or system records that mirror or summarize the physical files.
- Backups, duplicates, or digitized copies held elsewhere.
- Staff knowledge of which record series and individuals were involved.
The goal is a defensible, good-faith estimate of the categories of data and the populations of people potentially affected.
Assess and disclose based on risk
Where you cannot rule out exposure, assess the privacy risk to individuals rather than only to the organization. If sensitive PII may have been compromised, treat the situation as a potential incident and follow your breach-response and notification obligations. Many privacy regimes expect notice when harm to individuals is reasonably possible, even if the exact contents are unknown. Coordinate early with privacy, legal, security, and records staff so decisions are consistent and documented.
Address the recordkeeping loss
Lost or destroyed records may still carry retention obligations. Document what was damaged, what was salvaged, and what could not be recovered, and report the loss through your organization’s process for unauthorized destruction or loss of records. Reconstruct essential records from copies where you can.
Reduce the next event’s uncertainty
The core lesson is preparedness. Maintain accurate inventories, off-site backups or digitized copies of high-value PII records, environmental protections, and a tested disaster plan. Frameworks like the NIST Privacy Framework can help you identify and manage these risks before a disaster strikes.
For related guidance, see the privacy and PII topic hub.
Sources & further reading
Authoritative government and non-profit references.
- NIST Privacy Framework — NIST
- Privacy Act of 1974 — U.S. Department of Justice
How to cite this page
APA
RM University Editorial. (2026). What happens if a disaster damages physical records containing PII and we cannot tell what was exposed?. Records Management University. https://www.recordsmgmt.org/questions/disaster-damaged-pii-records-cannot-tell-what-was-exposed/
MLA
RM University Editorial. "What happens if a disaster damages physical records containing PII and we cannot tell what was exposed?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/disaster-damaged-pii-records-cannot-tell-what-was-exposed/.
Related questions
- Can a multinational use ISO 15489 to build one global records policy, or does it still need separate schedules per country?
- Can blockchain or immutable storage be used for records when privacy laws require you to delete personal data on request?
- Can I keep customer data longer than my retention schedule says if I might need it later?
- Can I keep customer personal data indefinitely if they agreed to my privacy policy when they signed up?
- Can you be fined for failing to honor a data subject's deletion request if you can't find their records?