Data incidents involve the exposure of sensitive information such as personally identifiable information and protected health information to third parties. Data incidents may comprise data breaches, privacy breaches, privacy or security incidents, and other similar events that result in the exposure of sensitive information to third parties. Some of these exposures may be subject to numerous state and federal statutes that delineate requirements that are to be imposed upon the party that was entrusted to protect the data. Personally identifiable information (hereinafter “PII”) and protected health information (PHI) which, regards healthcare related information for individuals that are maintained by a covered entity (e.g., an entity that has been entrusted with the PHI such as a hospital, clinic, health plan, and so forth), may include, but is not limited to, healthcare, financial, political, criminal justice, biological, location, and/or ethnicity information. For purposes of brevity, although each of these types of PII and PHI may have distinct nomenclature, all the aforementioned types of information will be referred to herein as PII/PHI.