NIST Privacy Framework : Our Essential Data Protection Guide


Spirion to add data retention schedules to its leading data protection platform

Inform Remediation of Sensitive/Restricted Data with global Data Retention Schedules

Spirion, a pioneer in data protection and compliance, today announced a new licensing arrangement with filerskeepers to add global, regulation-specific data retention schedules to Spirion’s Sensitive Data Platform (SDP). The solution automatically finds sensitive and personally identifiable information (PII) wherever it lives, classifies the data by its level of sensitivity and other context, and remediates it to align with regulatory requirements and company policies.

Data retention planning and enforcement is one of the most challenging tasks in any privacy program. Data privacy laws mandate that data should be held for “no longer than is necessary.”  Conversely, organizations must comply with disparate country, state and industry mandates that define how data must be stored and how long it must be retained; for example, physicians in the state of Florida must maintain medical records for five years, while hospitals must maintain these same records for seven years. Even within an organization, companies have different data retention requirements; for instance, payroll records have different retention requirements than financial records. Amidst this labyrinth of retention regulations, organizations struggle to build retention schedules and keep them up to date.

To ensure compliance, companies often take the simplest path and retain everything. This data hoarding comes with its own risks. Data that is kept longer than needed unnecessarily expands a company’s threat surface, providing bad actors with more sensitive and personal data to exfiltrate in the event of a data breach.

With the addition of the filerskeepers data retention schedules, Spirion users can confidently cite why they are storing data and for how long. Covering 217 countries and 205,155 retention periods, filerskeepers retention schedules include all legal and regulatory rules that prescribe or require specific timelines for the storage and deletion of redundant or obsolete sensitive data. Filerskeepers helps users comply with laws and regulations around the world. Their plain-English retention schedules prescribe how long a record should be minimally or maximally stored.

“Global organizations today are struggling to stay compliant with a broad and diverse array of geographical and industry-specific data retention mandates,” says Michael Kaczmarek, Spirion Head of Product. “With the addition of filerskeepers data retention schedules to the Spirion Sensitive Data Platform, customers gain ready access to data retention schedules to more efficiently manage the sensitive data they collect and store.”

How Spirion works with filerskeepers

Filerskeepers data retention schedules will be integrated into Spirion’s Sensitive Data Platform as part of its Data Asset Inventory (DAI), which catalogs all assets that contain sensitive or classified data across an organization’s IT environment — including on-premises, in the cloud, and endpoints, such as employee laptops.

For example, when setting up data content and hosting locations within the Data Asset Inventory, the integration with filerskeepers enables searching for and connecting application country-specific data retention schedules to Sensitive Data Platform’s metadata catalog.

Example of a data retention schedule

About Spirion

Spirion has relentlessly solved real sensitive data protection problems since 2006 with accurate, contextual discovery of structured and unstructured data; purposeful classification; automated real-time risk remediation; and powerful analytics and dashboards to give organizations greater visibility into their most at-risk data and assets. Spirion’s Privacy-Grade™ data protection software enables organizations to reduce risk exposure, gain visibility into their data footprint, improve business efficiencies and decision-making while facilitating compliance with data protection laws and regulations.

Want to know more? Contact us: