> For the complete documentation index, see [llms.txt](https://help.protecto.ai/getting-started/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.protecto.ai/getting-started/protecto-overview/introduction/compliance-user-guide/risk-identification-key-definitions.md).

# Risk Identification: Key Definitions

Here is a quick overview of the key definitions of Protecto.

**General**

<table data-header-hidden><thead><tr><th width="260.5"></th><th></th></tr></thead><tbody><tr><td>Data Assets</td><td>Data tables or data objects.</td></tr><tr><td>Security Risk or Breach Risk</td><td>Estimated security risk based on the type of Personal Information (PI/PII/Sensitive), size of the table, and extent of access privileges.</td></tr><tr><td>Risk Level - Breach Risk</td><td><p>Based on the calculated breach risk, we categorize the severity of breach risk into 4 types:</p><ul><li>Severe</li><li>High</li><li>Medium</li><li>Low</li></ul></td></tr><tr><td>Excessive Access Privileges</td><td><p><strong>Good</strong>: Many users have access to the data asset, and more than 20% are active users.</p><p><strong>Broad</strong>: Many users have access to the data asset, but only 5% to 20% of users are actively using the data.</p><p><strong>Excess</strong>: Many users have access to the data asset, but less than 5% are active users.</p></td></tr><tr><td>Stale Data by Risk</td><td>Estimated risk based on the number of unused data assets in the past 90 days.</td></tr><tr><td>Privacy Risk Data</td><td>Estimated privacy risk of a data asset based on the type of personal data (PI/PII/Sensitive), size of the table, and activities.</td></tr><tr><td>Privacy Risk (Data Usage)</td><td>Estimated privacy risk of a data asset based on the type of personal data (PI/PII/Sensitive), size of the table, and activities in the past 90 days.</td></tr><tr><td>Risk level - Privacy Risk</td><td><p><strong>V High</strong>: High risk of data privacy violations. The data likely contains PII and may not have the necessary controls or accountability.</p><p><strong>High</strong>: Above average risk of data privacy violations. The data may contain PII and may not have the necessary controls or accountability.</p><p><strong>Medium</strong>: Moderate risk of data privacy violations. The data may contain some personal data, likely non-identifiable.</p><p><strong>Low</strong>: Low risk of data privacy violations.</p></td></tr><tr><td>Active Stale Infrequent</td><td><p><strong>Active</strong>: Data assets that were accessed multiple times in the last 90 days.</p><p><strong>Stale</strong>: Data assets that were never accessed in the last 90 days.</p><p><strong>Infrequent</strong>: Data assets that were accessed once the last 90 days.</p></td></tr><tr><td>Activities Count</td><td>The number of times the data asset was accessed.</td></tr><tr><td>Data Catalog</td><td>The data governance team can view the list of data assets, where they can add consent, data subject type, data subject location, and tags for the data assets.</td></tr><tr><td>Purposes</td><td>The data governance team can add new purpose, data subject type, and consent so that it will get reflected in the Data Catalog page.</td></tr></tbody></table>

#### User Types <a href="#toc119528031" id="toc119528031"></a>

<table data-header-hidden><thead><tr><th width="259.5"></th><th></th></tr></thead><tbody><tr><td>Data Governance /  Compliance Manager</td><td>The governance team identifies risks and tracks governance metadata needed for compliance from data teams. Security team can login as governance manager to view high risk data, overexposed data and inactive access privileges.</td></tr><tr><td>Data – Business Owner</td><td>They provide the governance team with privacy and compliance metadata such as data subject type, location, retention, consent, etc.</td></tr><tr><td>Data Users, Applications</td><td>Users or applications that access and use the data.</td></tr></tbody></table>

#### Data Types <a href="#data-types" id="data-types"></a>

<table data-header-hidden><thead><tr><th width="257.5"></th><th></th></tr></thead><tbody><tr><td>Data Types</td><td><p><strong>PI:</strong> Personal Information. You cannot identify the individual only with PI data (e.g., person country, DOB) </p><p><strong>PII:</strong> Personally Identifiable Information. You can identify the individual with PII data (e.g., name, email) </p><p><strong>Sensitive</strong>: e.g., race, genetics, religious preferences</p></td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.protecto.ai/getting-started/protecto-overview/introduction/compliance-user-guide/risk-identification-key-definitions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.