Skip to content

Regulatory sensitive information types

Sensitive data is data that is considered private or protected by law, policy, or contractual obligation. The Coro console discovers sensitive data stored on your users' devices that may be subject to regulatory or data compliance requirements.


Each organization is unique and is required to comply with specific sensitive data regulatory requirements. Use the Coro interactive discovery tool here to assess your specific data governance needs.

The table shows the data transactions monitored by Coro. It includes information on the type of monitoring (data access, data exposure, or both) and the Widget that displays the ticket:

Transaction Monitoring Detection Widget
Content and attachments of inbound email Access On Event Data
Content and attachments of outbound email Access and exposure On Event Data
Content and attachments of internal email Access and exposure On Event Data
Internal and external sharing of cloud drive files Access and exposure On Event Data
Files on endpoint device stationary/network/removable drives Access On Scan Devices

Sensitive data objects which can be exposed and monitored by Coro from the transactions above can be categorized into the following four types:

Personally identifiable information (PII)

This data can directly or indirectly identify or trace an individual's identity when linked with other information.

Payment card industry (PCI)

The major credit card providers enforce security standards established by the PCI. These standards ensure that companies maintain a secure environment for accepting, processing, storing, or transmitting credit card data. The Payment Card Industry Security Standards Council (PCI SSC) manages and administers these security standards to enhance payment account security. For more information regarding the PCI standards, visit the PCI SSC website here.

Protected health information (PHI)

PHI is data collected, stored, used, or transmitted during the provision of health care services. This data includes details such as the patient's name, medical history, and health insurance information.

Non-Public personal information (NPI)

Personal financial data that is collected and stored by financial institutions; for example: social security numbers, financial account numbers, addresses, email addresses, and income details.

Custom data

Business or security data that is important to an individual organization, for example, source code, or specific file extensions.

Coro helps organizations in meeting security and privacy requirements set by several regulations. To comply, organizations may be required to implement regulatory policies or seek legal opinions from specialized firms while using Coro's services.