Regulatory Challenges
Under new and existing regulatory initiatives, organizations
are required to scrupulously and continuously comply with evolving
data security standards. Safend has tailored its Auditor and Protector
solutions specifically to organizations concerned about achieving
or maintaining compliance with regulations such as HIPAA, SOX, GBLA,
PIPED, DPA and others.
Safend Solutions
All regulatory initiatives dealing with personal and confidential
information protection presuppose complete organizational control
of network activity. These standards demand ongoing and highly granular
visibility into exactly what users are doing, and immediate remedy
of breaches with a clear audit trail.
Nowhere is regulatory compliance more at risk than at the endpoint.
Organizations that spend months (and millions) on in-depth compliance
consulting, process documentation, and compartmentalized access
control can face litigation or regulatory sanctions when a trusted
employee copies personal medical records onto a USB key, or downloads
financial information onto an MP3 player.
Safend solutions provide organizations with both the visibility
and control needed to achieve and maintain compliance – delivering
highly granular control over who does what with sensitive data,
and ensuring that every single endpoint data action is always in line
with relevant regulations and company policy.
Relevant Legislation
Safend solutions can help your enterprise meet the requirements
of the following legislative acts:
- HIPAA (US)
In 1996, Congress enacted the Health Insurance Portability
and Accountability Act (HIPAA). A key goal of HIPAA is to protect
medical records by establishing transaction standards for the
exchange of health information, security standards, and privacy
standards for the use and disclosure of individually identifiable
health information.
- SOX (US)
The Sarbanes-Oxley (SOX) Act of 2002 was developed to protect
investors by improving the accuracy and reliability of corporate
disclosure. Section 404 of the Act requires all public companies
to assess and report on the effectiveness of internal controls
and procedures for financial reporting, including access and
dissemination of sensitive financial information.
- GBLA (US)
The Gramm-Leach-Bliley Act, also known as GBLA, seeks to
protect the personal information of consumers stored in financial
institutions. The Act requires all financial institutions to
implement and maintain security measures to protect customer
information and prevent unauthorized access and use of customer
records.
- PIPED (Canada)
The Personal Information Protection and Electronic Document
Act mandates that appropriate security measures be applied to
personal data obtained in the course of commercial transactions.
- SB 1386 (California, US)
The California Information Practice Act, or Senate Bill 1386,
which went into effect in July 2003, requires state agencies or
companies that conduct business in California and own or license
computerized personal information to disclose any breach of
security to any resident whose unencrypted data is believed
to have been disclosed.
- 95/46/EC (Europe)
European Union Directive 95/46/EC is a sweeping European
Parliament directive designed to protect individuals from unregulated
personal data access or transfer.
- DPA (UK)
The Data Protection Act mandates that the processing of sensitive
personal data should be carried out with appropriate security
in the interests of protecting individual rights and privacy.
DPA prohibits the disclosure of personal data to any third party
without the explicit consent of the targeted subject.