Skip to content
Records Management University

Privacy, PII & Data Protection

Where records management meets privacy — protecting personally identifiable information and aligning retention with data-protection law.

Articles in Privacy

Breach Notification and the Role of Records

How records management underpins breach notification, from detecting what data was exposed to proving timelines, scoping affected individuals, and documenting the response.

Data Minimization in Practice

A practical guide to data minimization for records managers, covering disposition, retention schedules, and reducing personally identifiable information across the lifecycle.

De-Identification and Anonymization of Records

An educational guide to de-identification and anonymization of records, covering techniques, re-identification risk, retention implications, and governance.

The GDPR Right to Erasure and Records Retention

How the GDPR right to erasure interacts with records retention obligations, and how organizations reconcile deletion demands with lawful recordkeeping.

Privacy by Design in Recordkeeping

How privacy by design embeds proportionality, minimization, retention discipline, and access controls into recordkeeping systems from the start rather than as an afterthought.

Privacy Impact Assessments (PIAs)

A practical guide to Privacy Impact Assessments — what they evaluate, when to conduct them, and how PIAs intersect with records management and retention.

Responding to Data Subject Access Requests (DSARs)

A practical guide to handling data subject access requests, covering intake, identity verification, search and retrieval, redaction, and timely response under privacy law.

Securing Records That Contain PII

How records managers protect personally identifiable information across its lifecycle using classification, access controls, encryption, retention limits, and secure disposition.

System of Records Notices (SORNs) Under the Privacy Act

A practical guide to System of Records Notices (SORNs), the public notices agencies must publish under the Privacy Act before maintaining records retrieved by personal identifier.

The Privacy Act of 1974 Explained

The Privacy Act governs how federal agencies collect, maintain, use, and disclose records about individuals — and gives people rights to access and amend their own records.

Understanding PII: What Counts and Why It Matters

Personally identifiable information is any data that can identify a specific person. Here's what counts as PII, why some is especially sensitive, and how it shapes recordkeeping.

Records Management and Privacy Laws: GDPR, State Laws, and Retention

Privacy laws like GDPR and U.S. state acts grant rights to access and delete personal data. Meeting them depends on knowing what you hold and disposing of it on schedule.

Records Retention and Privacy: Why Keeping Less Is Safer

Retention schedules and privacy law share a goal — don't keep personal data longer than necessary. Aligning the two reduces both compliance risk and breach exposure.

Common questions

See all 83 Privacy questions →

Key terms