Identification should include
- organizational consequences of privacy breaches
- notifications of breaches
- data types and classification of data
- privacy enhancing technologies
- roles and responsibilities of data
- owners
- controllers
- processors
- custodians and/or steward
- protection officer
- information life cycle
- impact assessment
- terms of agreement
- privacy notices.