Compliance & Safe Harbor for State & Federal Breach Notification Laws
The Data Privacy Challenge
Ensuring data privacy is a critical task that can take many forms. Information that is subject to data privacy expectations or laws is generally referred to as Personally Identifiable Information (PII) and includes patient information (e.g. ePHI), personal financial data, credit cardholder information, employee information, and many other forms. At least 46 US states as well as numerous countries have passed privacy laws (e.g. California SB 1386, MA 201 CMR 17, EU Data Protection Directive) legislating the penalties associated with failures to secure PII. Organizations are especially challenged to locate and secure PII in platforms such as SharePoint and Office 365 due to lack of visibility into end-user activity. With the increased frequency and costs of data breaches and the class action lawsuits that follow, PII in collaboration portals and shared drives represents significant security and compliance risk for an organization.
CipherPoint Solutions for Data Privacy
The CipherPoint Eclipse suite provides auditing and security controls to help customers contend with the “perfect storm” of state, Federal, and international data breach disclosure laws, increased cybersecurity attacks and class action lawsuits. The CipherPoint Eclipse suite helps organizations mitigate security risks associated with PII, and avoid compliance penalties.
CipherPoint Eclipse Abilities
- Data Discovery – Pre-built data discovery rules to locate PII such as patient information and credit card numbers. Customers may also create their own discovery rules to identify PII based on custom patterns and keywords.
- Transparent Encryption – Transparent encryption for SharePoint documents and lists to meet safe harbor provisions associated with the use of data at rest encryption.
- Access Controls – Optional mandatory access controls to enforce business need to know – ensuring that only authorized users or groups may access PII, including limiting access to SharePoint and other IT administrators so they can maintain SharePoint without the ability to view sensitive data.
- Audit & Logging – Detailed activity audit and logging so organizations can quickly identify and respond to privacy incidents, and also prove that they had the automated security controls necessary for compliance and safe harbor.
CipherPoint Eclipse Compatible Products
Visit the products pages to learn more about how the CipherPoint Eclipse suite helps customers contend with the “perfect storm” of data breach disclosure laws.