Showing results for 
Search instead for 
Did you mean: 
Occasional Member - Level 1

Concur Data Disposal Process - What all fields considered as Sensitive Data

In the Concur Data disposal process, concur considers some data as "Sensitive" & remove it after a maximum of 12 months from the date of Inactivating the data once the Data retention process is activated for the instance.


However, when asked Concur support which all fields considered to be "Sensitive" data, they have only provided generic information as examples like SSN Number, Passposr No. etc. but have not shared the exact all fields that which all fields exactly removed as part of "Sensitive" data when we activate the Data  Retention Policy.


Has anyone came across similar requirement? & are you able to share your input on how to manage this part & how can we get to know which all fields exactly considered as "Sensitive" Data?



Occasional Member - Level 2

Hi, we are dealing with the same issue. We need clarification of "Sensitive Data", what is covered by category "Invoice", "Expenses", but we only received this manual:Shared: Data Retention Setup Guide for Concur Standard Edition (

Community Manager
Community Manager

@ArifM57 I am not an expert in this area, but from what I've heard and how I understood it, any data that can identify that person is considered sensitive. So, SSN, first name, last name, email address. I wasn't able to find an external/customer facing all encompassing list of the the sensitive data items.

Thank you,
Kevin Dorsey
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.