BY SPIRION
July 23, 2025
Sensitive data evolves by the minute and regulations can change overnight. Understanding where your data lives, and how it’s defined is no longer optional. It’s essential.
In the recent “Hidden Data. Thriving Threats.” webinar, Spirion CEO, Kevin Coppins, opened the discussion with a powerful truth: Data you stored 20 years ago may now be highly sensitive and legally toxic.
The New Reality of Sensitive Data
“SPI” stands for Sensitive Personal Information, but as Kevin explained, even the definition of sensitive has changed dramatically. What once covered obvious categories like Social Security numbers and birthdates now includes:
- IP and MAC addresses
- Location data and log files
- Behavioral and emotional patterns inferred by AI
- Political, biometric, or gender preference data
With AI, even your seven-year-old social media posts can be scraped and reprocessed without your consent. The result? Entirely new categories of personal data are being created faster than they can be regulated.
“Since we started this call, there are probably three new sensitive data definitions out there.”
—Kevin Coppins, CEO, Spirion
The Problem with Data Debt
Every organization is sitting on years, even decades, of legacy data. At the time it was created, it may have seemed harmless or inert. Today, it’s a regulatory minefield. And the demand for that data is only growing.
Executives want to feed Large Language Models (LLMs) to unlock new insights. Analysts are pushing for deeper historical context. But Kevin issued a warning. “They say, ‘Just keep pouring it in and we’ll be smarter.’ But what if that old data contains information that’s now regulated under GDPR, CPRA, or HIPAA?” he asked.
How Data Sprawls Without You Noticing
To make the risk real, Kevin shared a common example:
Someone gets hired. HR requests ID verification. A passport photo is taken and sent to a recruiter. Then to a hiring manager. It’s copied to OneDrive. Maybe even forwarded to a personal inbox. The result? One sensitive document ends up in 53 places in just 15 minutes.
Multiply that by hundreds or thousands of hires, and your data sprawl becomes a liability snowball.
Figure 1: Expansive data sprawl can happen within minutes.
The Uncomfortable Truth: Most Orgs Don’t Know What They Have
Many teams say, “We’re in the cloud,” but overlook what’s sitting on endpoint hard drives or inside legacy systems. And when asked how much sensitive data they have, most still answer, “I don’t know.”
That’s the real danger: not the data you know about, but the hidden data you don’t. If your organization isn’t actively tracking how data definitions and liabilities are evolving, you may already be exposed.
