Client Story: Managing the risk of a data breach for a major retailer


Our client, a leading retailer, wanted to uncover potential data breaches within their business and ensure compliance with the new mandatory data breach notification laws.

To achieve this, they needed deep and accurate insight into their information assets. And that meant access to a team of experts who could assess their complex and unstructured databases.

That’s when they engaged InfoCentric.


  1. To perform a qualitative risk assessment on the client’s Personally Identifiable Information (PII) and Payment Card Information (PCI).
  2. To give the client a richer understanding of how much sensitive data is stored in their large databases.
  3. To provide the client with greater insight into their sensitive data’s usage, age, recency and risks.


  1. We developed a detailed privacy exposure assessment process for the client’s structured and unstructured databases.
  2. We used intelligent scanners to record, catalogue and provide the data lineage for every file the client possessed.
  3. We presented our assessment, which included a high-level summary, key findings and next steps. It also covered recommendations to help our client safeguard their sensitive data – and meet the data breach notification laws.
  4. We gave the client access to an interface which covered:
    • A catalogue of all the files recorded through the intelligent scanners
    • The quantity of sensitive data in each file
    • Data flow between files
    • Data profiles that identify the sensitivity types and volume
    • The data’s usage, age and recency
    • Total asset exposure ratings


  1. Out of the 13.5 million files scanned, approximately 30% contained sensitive data.
  2. The client developed the means to comply with the new legislation.
  3. We accurately classified all sensitive data, which helped with remediation.
  4. We consolidated the data – minimising organisational risks.
  5. The client optimised their internal controls decisions to reduce the risk of sensitive data exposure.
  6. The client received greater insight into the sensitive data held within their business.