Review data that may have or will be released to determine if it is protected health information and/or fully de-identified per Federal standards

Classify personal data into classes such as “publicly available”, “confidential”, “sensitive”, etc., which allows an organization to narrow the scope of what needs to be protected and how. Create and establish procedures for the organization’s classification scheme, along with details around data ownership, a description of retention requirements and appropriate use and protection requirements based on the classification level and legal requirements (e.g., certain types of data may be subject to particular legal requirements, such as health or financial data).

Source :
https://www.nymity.com/data-privacy-resources/privacy-management-tools/~/media/NymityAura/Resources/Research/PMA_Scopes.pdf