Skip to content

Regulatory sensitive information

Sensitive data is data that is considered private or protected by law, policy, or contractual obligation. The Coro console discovers sensitive data stored on the emails and cloud drives of your users that may be subject to regulatory or data compliance requirements, such as sharing from OneDrive, Google Drive, Box, or Dropbox.


Each organization is unique and is required to comply with specific sensitive data regulatory requirements. Use the Coro interactive discovery tool here to assess your specific data governance needs.

The following table shows the data transactions monitored by Coro. It includes information on the type of monitoring (data access, data exposure, or both):

Transaction Monitoring Detection Component
Content and attachments of internal (inbound and outbound) email between protected users Access Ticket Data
Content and attachments of outbound email Access and exposure On Event Data
Content and attachments of internal email Access and exposure On Event Data
Internal and external sharing of cloud drive files Access and exposure On Event Data

Sensitive data objects which can be exposed and monitored by Coro from the transactions above can be categorized into the following four types:

Personally identifiable information (PII)

PII is any information connected to a specific individual that can be used to uncover that individual's identity This data includes:

  • Social security numbers (SSNs)

  • Full Name

  • Email address

Payment card industry (PCI)

The major credit card providers enforce security standards established by the PCI. These standards ensure that companies maintain a secure environment for accepting, processing, storing, or transmitting credit card data. The Payment Card Industry Security Standards Council (PCI SSC) manages and administers these security standards to enhance payment account security. For more information regarding the PCI standards, visit the PCI SSC website here.

Protected health information (PHI)

PHI is data collected, stored, used, or transmitted during the provision of health care services. This data includes patient:

  • Name

  • Medical history

  • Health insurance information

Non-Public personal information (NPI)

NPI is personal financial data that is collected and stored by financial institutions. NPI is a combination of PII and other indicators. For example, SSNs are PII indicators, but in combination with credit card information, they are also classified as NPI.

Business sensitive data

Business or security data that is important to an individual organization. The following is considered business sensitive data:

  • Source code

  • Passwords

  • Sensitive file types

  • Certificates

  • Critical data

Coro helps organizations in meeting security and privacy requirements set by several regulations. To comply, organizations may be required to implement regulatory policies or seek legal opinions from specialized firms while using Coro's services.


You can view tickets from the User Data Governance component on the Actionboard:

User Data Governance component

Policy violation

When a transaction violates a sensitive data policy, a policy violation occurs and a ticket is generated. The ticket displays the following details:

  • Policy violation: The policy type that was violated, for example, unauthorized source code exposure:

    Policy violation