Privileged Access and Session Management tools can provide an extensive layer to control who can gain access to consumer data as well as providing recordings of activity should you need to review what was accessed. Extending that to Endpoint Privilege Management tooling as well can help ensure that even when access is granted to systems holding sensitive data, the person with that access only has the least privilege necessary for their role in the organisation. The engineer managing the operating system doesn’t need and shouldn’t have, access to the data files on the system. Even the engineer managing the application that provides access to the data files doesn’t generally need direct access to the data files.
Making sure that access is appropriately controlled and limited is equally as important as knowing where the data is, effective controls ensure there’s no unexpected access.