Regulatory Compliance
Information - The World’s New Currency
Information has become the world's new currency, and more and more enterprises find themselves exchanging files that contain private or confidential information. A growing number of high-profile incidents in which customer records, employee information, and intellectual property have been leaked, lost, or stolen has driven governments and industry bodies to put stringent security and privacy regulations in place. These regulations require organizations to protect the confidentiality and integrity of customer and employee personal information and of corporate digital assets by encrypting and controlling data in motion and data at rest. Some of these regulations include:
- Payment Card Industry Data Security Standard (PCI DSS) - Requires any company that stores, processes, or transmits cardholder data to protect it. The primary account number (PAN) must be rendered unreadable wherever it is stored and encrypted whenever it is sent over open, public networks; sensitive authentication data (full magnetic stripe or chip track data, CVV/CVC codes, and PINs) must not be retained after authorization at all, even in encrypted form.
- Gramm-Leach-Bliley Act (GLBA) - U.S. financial institutions are required to protect clients’ nonpublic personal information in transit and at rest.
- Health Insurance Portability and Accountability Act (HIPAA) - U.S. healthcare providers, health plans, and clearinghouses (the "covered entities"), together with the business associates that handle data on their behalf, must protect the confidentiality and integrity of electronic protected health information (ePHI) in transit and at rest. Encryption is an "addressable" specification of the Security Rule rather than an unconditional mandate, but the loss or theft of unencrypted ePHI is generally a reportable breach.
- Sarbanes-Oxley (SOX) - Section 404 of the Sarbanes-Oxley Act requires U.S. public companies to establish and attest to effective internal controls over financial reporting. SOX itself names no specific technologies; in practice, demonstrating effective controls usually means strong authentication so that only authorized users can access sensitive information in files, folders, and email messages, plus encryption and digital signatures on that data while it is in transit, to prevent unauthorized access and to detect any change to the data.
- National Credit Union Administration (NCUA) - Requires U.S. federally-insured credit unions to establish a security program that addresses the privacy and protection of customer records and information.
- Federal Financial Institutions Examination Council (FFIEC) - The FFIEC is the interagency body that sets uniform examination standards for U.S. financial institutions, including guidance on the use of information technology (the FFIEC IT Examination Handbook). Examiners expect institutions to deploy encryption that protects sensitive information from disclosure on the institution's own network as well as on shared external networks: encryption is expected whenever sensitive information crosses a public network and may also be applied within the institution based on its risk assessment.
- Family Educational Rights and Privacy Act (FERPA) - Protects the privacy of student education records at institutions that receive funding from the U.S. Department of Education. Institutions may disclose personally identifiable information from those records only to authorized parties; FERPA does not prescribe particular technical controls, so access control and encryption are the usual means of preventing unauthorized disclosure of records stored or transmitted electronically.
- Food and Drug Administration (FDA) 21 CFR Part 11 - Sets the requirements under which FDA-regulated organizations (pharmaceutical and biotechnology firms, medical device manufacturers, clinical research organizations, and healthcare providers participating in regulated studies) may keep records and signatures in electronic form. Electronic records must be authentic and tamper-evident, protected by access controls and secure, computer-generated audit trails, with electronic signatures bound to the records they sign. For open systems, where data passes outside the organization's control, the rule calls for additional measures such as document encryption and digital signatures to ensure the confidentiality and integrity of records in transit.
- U.S. State Breach Disclosure - Modeled after California's S.B. 1386, most states have adopted laws that require any business that collects and stores personal information about their residents to notify the affected individuals when that information is acquired by an unauthorized party. These laws generally exempt data that was encrypted (provided the key was not also compromised), which makes encryption the most direct way to avoid a notification obligation after a loss.
- Personal Information Protection and Electronic Documents Act (PIPEDA) - A Canadian federal law that requires organizations to protect the personal information they collect with security safeguards appropriate to its sensitivity, including technological measures such as passwords and encryption.
- European Union Data Protection Directive (EUDPD) - Directive 95/46/EC required companies processing personal data to apply appropriate technical and organizational measures to protect it against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access. Encryption of electronic data was not mandated outright, but a failure to encrypt sensitive data could be deemed inappropriate to the risk. The Directive has since been replaced by the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679, applicable since 25 May 2018), which takes the same risk-based approach and explicitly names encryption as an example of an appropriate measure.
- Personal Information Privacy Act (PIPA) - The common English shorthand for Japan's Act on the Protection of Personal Information (APPI), which requires business operators handling personal data to keep it secure against loss, unauthorized access, and disclosure. Sector-specific guidelines impose stricter expectations on medical, financial and credit, and telecommunications companies.
- Personal Data (Privacy) Ordinance - A Hong Kong law that protects the privacy of living individuals in relation to their personal data. It requires that all practicable steps be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss, or other use, having particular regard to the measures taken to ensure the secure transmission of the data.
How Neovan Helps
Neovan CloudFile helps regulated organizations protect the confidentiality, integrity, and availability of the sensitive information in their control by ensuring that transferred data is encrypted both in transit and at rest. In addition, Neovan CloudFile keeps a detailed audit trail for every file transfer, so that organizations can demonstrate to auditors that their file transfers meet the relevant regulatory requirements.
See for yourself how easy it is to send large files securely with Neovan. Sign up for a Free Trial now!