<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1424789497837018&amp;ev=PageView&amp;noscript=1">

Part 4: Data Compliance Challenges

ComplianceCollage.jpgAs increasing amounts of critical and sensitive data comes to be stored with businesses and consequent to some situations where significant amounts of data have been lost or stolen, regulatory pressure to ensure protection of sensitive data continues to increase.

As new threats are discovered, we can expect regulations to get tighter. Requirements will continue to change and evolve. The US does not have one single law governing data security. There are a number of Federal and State laws on the subject. Some key regulations / standards are -

  • Laws such as Sarbanes-Oxley Act (SOX) of 2002
  • The executive order recently issued by President Obama on protection of critical infrastructure and services from cyber attack
  • The Federal Trade Commission Act - covering offline and online data security
  • Financial Services Modernization Act (also known as Gramm-Leach-Bliley Act (GLBA)) - relates to the disclosure of personal information that is not in the public domain.
  • Health Insurance Portability and Accountability Act (HIPPA) - regulates security to be provided to protected health information
  • Health IT for Economic & Clinical Health Act (HITECH)
  • Payment card industry data security standards

At least 46 US States have enacted laws that require companies to notify if they have had any breaches of private data. 29 of these states have laws that require companies to ensure that individuals’ data cannot be deciphered or read.

If you are in possession of personal data that belongs to your clients, employees or other individuals, you are responsible for its security and for compliance with all regulatory provisions. It does not matter where you choose to store the data or which third party you entrust it to, the responsibility stays with the company that owns the data.

Achieving Compliance

CloudMask’s patent pending persistent encryption technology ensures compliance with regulatory requirements for data protection. The CloudMask solution ensures that your data is never in clear text even if it is being processed by a third party cloud-based solution. From the moment of its generation, your data is protected by CloudMask. It is encrypted as it leaves your end device and it stays encrypted in transit, processing and storage. There is no loss of application functionality or any requirement to re-write any applications to make them compatible with CloudMask security.

Protection Under Breach

With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.

TRY IT NOW

Watch our video and demo at www.vimeo.com/cloudmask

 

 

Related posts

Turn regulatory headaches into a competitive advantage
Turn regulatory headaches into a competitive advantage January 02, 2018
Why the government isn't a fan of commercial encryption
Why the government isn't a fan of commercial encryption November 16, 2017
Why Your Data Security Strategy Should Include Data Masking
Why Your Data Security Strategy Should Include Data Masking September 19, 2017
ITAR compliance: ignorance is no excuse
ITAR compliance: ignorance is no excuse August 04, 2017
Does Data Residency Reduce Cloud Risks?
Does Data Residency Reduce Cloud Risks? May 21, 2017
How can we use the cloud and comply with global privacy laws?
How can we use the cloud and comply with global privacy laws? April 13, 2017