SOLUTIONS Compliance

CCPA

As of 2020, any company that does business with residents of California must comply with the California Consumer Privacy Act (CCPA). The CCPA offers wide protection for users’ personal information, including rights to be informed of business privacy practices, to access or delete personal information, and to deny third parties’ use of personal information. Compliance violations are punishable by fines of up to $7,500 per record plus the potential for class-action litigation.

None
CCPA Compliance Requirements

CCPA compliance software will bring to light what information your company’s website collects and how it is stored and used. You must know this information in order to respond to DSARs and confidently adhere to these requirements:

  1. Disclose to consumers what personal information has been collected in the preceding 12 months.
  2. Honor requests for deletion.
  3. Enable consumers to direct third parties not to use their personal information.
  4. Publish your privacy practices.
None
CCPA Compliance Solutions

Spirion’s CCPA compliance software solutions enable companies to meet the compliance regulations by finding, classifying and managing data. A software solution benefits your organization by:

  • Precisely locating personal information wherever it resides across the enterprise.
  • Providing data classification capabilities that offer complete protection for data at rest.
  • Including options for data encryption, deletion, or quarantine.
  • Offering a management dashboard that provides insightful reports on the state of the business’s data protection program.

GDPR

Whether or not you have a business presence in the European Union, if your company stores or processes personal information about EU citizens within EU states you must comply with the GDPR or face penalties. The GDPR regulates the collection and processing of EU personal data. Rights of EU data subjects include transparent data collection and processing practices, access to collected data, and correction and deletion of personal data. Transferring personal data outside of the EU is subject to multiple requirements. Violations of the regulation can result in fines of up to the greater of 4% of the offender’s gross revenue or €20M.

None
GDPR Compliance Requirements

Insights into your company’s use, storage and distribution of data are necessary to follow the requirements of GDPR. The GDPR requires organizations to:

  1. Accurately identify all personal data under their control.
  2. Give data subjects access to their personal data.
  3. Maintain data security.
  4. Notify authorities of data breaches.
  5. Police third-party processing of personal information.
  6. Keep timely and accurate records of data protection activities.
None
GDPR Compliance Solutions

A GDPR compliance solution can advance an organization’s compliance and prevent costly GDPR fines. A Spirion software solution can advance GDPR compliance by:

  • Identifying personal data wherever it resides across the enterprise.
  • Assisting in the development of a comprehensive data inventory.
  • Using Spirion’s data classification capability it promotes data-at-rest security.
  • Provides a management dashboard that enables organizations to execute their data protection programs.

HIPAA, HITECH and CMIA

Several laws dictate how organizations must handle personal information related to health and medical care, each with stiff penalties for violations. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to, in part, protect patients’ protected health information (PHI). The Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009, extending HIPAA requirements to business associates of healthcare providers. The Confidentiality of Medical Information Act (CMIA) is California’s extension of HIPAA to individually identifiable medical information held by employers. HIPAA penalties are assessed on four tiers, ranging from $100 to a maximum of $1.5 million per violation per year.

None
Requirements to Comply with HIPAA, HITECH and CMIA

Any organization that handles healthcare information directly or in partnership with a healthcare company must put safeguards in place to manage electronic personal healthcare information (ePHI). They must also be prepared to respond immediately and appropriately to a data breach.

HIPAA requirements and HITECH requirements include:

  1. Encryption
  2. Access controls
  3. Risk management
  4. Auditing
  5. Monitoring
  6. Reporting breaches of unsecured PHI

Compliance requirements for CMIA are even more stringent and apply to any entity that handles the personal information of California residents.

None
HIPAA Compliance Solutions

A software solution is necessary for HIPAA data classification. The right tool can locate and identify ePHI across networks and endpoints, guarding against a security breach and meeting the requirements of HIPAA, HITECH and CMIA. Spirion provides healthcare security and privacy officials and their staffs with the ability to:

  • Rapidly develop precise, timely inventories of ePHI.
  • Create inventories that assist in protecting patient confidentiality, policing and meeting the mandates of business associate agreements.
  • Conduct privacy impact assessments (PIAs).
  • Implement breach notification plans.
  • Transform paper policies into dynamic programs for executing technical safeguards using data classification technology.

PCI-DSS

Any entity that processes payment cards must adhere to the Payment Card Industry Data Security Standard (PCI-DSS), the information security standard mandated by the payment card brands (Visa, Mastercard, etc.). PCI DSS apply to entities that accept card payments as well as developers and manufacturers of applications and devices used in financial transactions. Failure to protect payment card data can result in fines as high as $500,000 per incident as well as losing the ability to continue processing payments.

None
PCI DSS Requirements

Whether you process one or two credit card payments at a time or thousands per day, your business has a responsibility to protect the financial information of your customers. PCI-DSS compliance requires the execution of 12 security controls, including:

  1. Protecting cardholder data
  2. Tracking and monitoring all access to network resources and cardholder data
  3. Maintaining an information security policy
None
PCI Compliance Software

Spirion provides PCI compliance software solutions designed to protect and encrypt payment information as it moves between your company and its customers. Spirion provides security leaders and their staffs with the ability to:

  • Identify the location and map the flows of cardholder data.
  • Encrypt data at rest.
  • Establish an early-warning system for potential policy violations.
  • Support the terms of agreements with payment processors and financial institutions.

ADDITIONAL COMPLIANCE CAPABILITIES

In addition to CCPA, GDPR, HIPAA/HITECH/CMIA, and PCI-DSS, the Spirion data discovery, classification, and protection capabilities also help organizations meet these compliance regulations.

REGULATIONS
  • Gramm-Leach-Bliley Act (GLB Act or GLBA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Defense Federal Acquisition Regulation Supplement 7012 (DFARS)
  • New York State Department of Financial Services Part 500 (NYDFS)
  • NAIC Insurance Data Security Model Law
  • Privacy Act of 1974
  • State Data Protection Laws
Spirion

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Request a demo