Given the rise of privacy regulation and the proliferation of IT assets (fixed, virtual, mobile), challenges arise for organizations in managing sensitive personal information, such as the personal healthcare information (PHI) governed by government regulatory laws (for example, the Health Insurance Portability and Accountability Act (HIPAA)). Furthermore, an organization should be in an audit-ready position to demonstrate compliance to external regulatory and contractual requirements, as well to demonstrate that internal processes are effective in processing and protecting this information. Based on privacy laws, the owner of a PHI data set may require an organization to provide a report or delete whatever information is being processed and stored. Appropriately managing such sensitive personal information thus poses many challenges to organizations responsible for such data.