In previous blog posts, we've explored how FileCloud's content classification engine can pair with metadata, DLP, and retention policies to create an automated and hyper-secure file sharing environment. Recently, Smart Content Classification received a glow-up in FileCloud v23.232, incorporating major functionalities like AI-powered classification, a rules playground, and a visual rule builder.

It's a lot of information to take in and a lot of power left to an automated system. But what does it actually mean for users to leverage this content classification engine? How can it help simplify workloads, streamline security, and support compliance requirements?

Well, that's what this blog post is all about! We're going to dive into an example case study that explores how FileCloud's Smart Content Classification can secure sensitive information and comply with GDPR without relying on manual processes.

Content Classification Use Case

Let’s take a look at how a PR firm with offices in Denmark, Greece, France, Ireland, and the UK would leverage FileCloud’s Smart Content Classification.

This PR firm is on retainer with a global healthcare organization headquartered in Belgium. The firm’s responsibilities include distributing human interest stories, handling breach reports, publishing press releases, and generally interfacing with the public.

The internal marketing team at the healthcare organization is responsible for passing along relevant information to the PR firm. However, because this information is coming from an EU-based organization and may include Personally Identifiable Information (PII), Protected Health Information (PHI), or other sensitive information pertaining to EU citizens, the data is subject to the General Data Protection Regulation (GDPR).

What does this mean for the PR firm?

The PR firm’s Data Protection Officer (DPO) and their team are responsible for the intake, storage, and management of files received from the healthcare organization. As a result, they must implement adequate data identification and security measures.

Furthermore, any employee with access to this data must meet certain security requirements. They will be subject to the data security protocols implemented and overseen by the PR firm's DPO.

How can the PR firm comply with GDPR and properly secure their collected information using FileCloud Content Classification?

The Content Classification Framework

With FileCloud’s Smart Content Classification, those with admin accounts (e.g., IT manager, DPO, CIO) can:

• Activate specific metadata sets containing patterns that fall under the “PII” or “PHI” category (first name, last name, phone numbers, national identification number, birthdate, etc.)
• Create relevant DLP rules, access/share permissions, and retention policies to secure any files tagged with “PII” or “PHI.”
• Leverage the visual rules builder and/or AI classifier to create classification rules.
• Ensure new rules successfullly identify and classify content by testing against a sample file in the rules playground.
• Initiate system scanning by launching new rules to identify and tag files.
• Monitor classification with regular reports and update or modify rules as needed.

Content Classification in Action

Once the classification rule and other policies are implemented, FileCloud can launch automated processes, such as:

• Apply access and share permissions (including DLP) for tagged files:
  • Now files will only be shared with authorized PR firm employees, reducing the risk of data leaks and insider threats.
• Apply retention policies to retain or delete data after a specified period of time:
  • The firm no longer needs to manually track when data enters the system or set reminders of when to archive or delete files. Retention policies will automatically move or delete data to comply with GDPR requirements. 
• Support federated search processes across the environment (text and OCR search):
  • DPOs and CIOs can easily search for content containing PII and PHI. This meets another element of GDPR, the right of a citizen to request information on their data (and for that data to be deleted).
• Find and audit content for custom reports:
  • DPOs and CIOs can create reports that capture content tagged with PII and PHI. This supports the PR firm's security board in optimizing internal processes and supporting external regulatory investigations. 

All these actions (and more) begin with FileCloud’s Smart Content Classification.

You can learn more about Content Classification in FileCloud by visiting our website or downloading our solution brief!

By Katie Gerhardt

Jr. Product Marketing Manager