A company uses Amazon S3 to store data, which must comply with regulations prohibiting the inclusion of personally identifiable information (PII). The company has identified PII in some S3 objects and requires an automated solution to detect PII and alert the security team. Which AWS service and notification method should be implemented?