Low risk - Lower indication of sensitive data
that appears to have additional access
restrictions in place or no indication of
sensitive data found.
Medium risk - Sensitive data may be present
but additional access or fine grain access
restrictions appear to be present. Consider
limiting access even further or transform data
High risk – SPII may be present. Access
controls may include public ACLs. Exfiltration
of data may lead to user data loss.
Re-identification of users may be possible.
Consider limiting usage and or removing SPII.