Determine the compliance exposure risk based on the information collected, Dataguise said. Personally identifiable information in the form of names, addresses and Social Security numbers may be included in the data. The firm's recent survey found a small number storing sensitive data in Hadoop, including Social Security numbers, credit card numbers and addresses. Organizations shouldn't be storing credit card data, according to the Payment Card Industry Data Security Standards (PCI DSS). Encryption is also a requirement under the standard.