This Checklist describes relevant legal obligations and common gaps in information security practices, safeguards, and compliance for organizations that collect, manage, and use personally identifiable information (PII) to help prevent data breaches, cyberattacks, and other security incidents.