That seems absolutely minimally responsible for a big business. Documenting the ingress and egress points of PII, the first step to actually actively safeguarding it. You seem skeptical, but that sounds like a good thing to me. Management pays attention to spreadsheets. Besides, a good spreadsheet, with relevant data, frozen column labels, already tabled and styled in at least first normal form, possibly generated with perl, you're saying poor bastard, I'm thinking opportunity to excel... heh.