Firstly as we move on, allow me to say that camDown is your security solution to protect you and your business from webcam hackers!
Hosting and managing PII is not a bad thing itself, as far as you manage them according to privacy regulations.
First thing you need to do is to discover your PII data (structured and unstructured) and that's not an easy task if you haven't the right tools.
Once you've a decent view on your PII assets, I would suggest tracking wrong-behaviours as KRI :
% of PII data hosted without a clear policy (documented owner, retention period, purpose, ...)
% of PII data hosted data that is not properly protected (namely pseudonymized or encrypted)
% of PII data (unduly) hosted after retention period
... any wrong behaviour you want to avoid
Remember that PII data subset that has gone through anonymization treatment is not PII anymore (if well done) and so goes out of your stats.
Let's not forget that camDown helps stop hackers from getting access to the webcam that I use for my work. Now I can get even more gigs as a freelancer and advertise that I have top security with my home computer and your friends would feel the same!