None

SOLUTIONS

Compliance

CCPA

The California Consumer Privacy Act (CCPA) offers wide protection for the personal information of California residents, including rights to be informed of business privacy practices, to access, to delete personal information, and to deny third parties’ use of personal information. Compliance violations are punishable by fines of up to $7,500 per record plus the potential for class-action litigation.

Is your organization CCPA compliant?

The January 1, 2020 CCPA deadline is quickly approaching. Make sure your organization is ready.

None
CCPA Requirements

Organizations conducting business in California collecting personal information must:

  1. publish their privacy practices,
  2. disclose to consumers what personal information has been collected in the preceding 12 months,
  3. honor requests for deletion,
  4. and enable consumers to direct third parties not to use their personal information.
None
Organizational Readiness

Spirion advances compliance with the CCPA by:

  • precisely locating personal information wherever it resides across the enterprise
  • providing data classification capabilities that offer complete protection for data at rest,
  • including options for data encryption, deletion, or quarantine
  • offering a management dashboard that provides insightful reports on the state of the business’s data protection program.

Related Resources

resource
CCPA Compliance

In the first six months of 2019, U.S. state legislatures or regulatory agencies have brought into force more consumer‑centric data protection laws than in all of 2018. Learn how these regulations impact your business.
Download our Data Sheet
None

GDPR

The GDPR regulates the collection and processing of EU personal data. Rights of EU data subjects include transparent data collection and processing practices, access to collected data, and correction and deletion of personal data. Transferring personal data outside of the EU is subject to multiple requirements. Violations of the regulation can result in fines of up to the greater of 4% of the offender’s gross revenue or €20M.

None
Requirement

The GDPR requires organizations to

  1. accurately identify all personal data under their control,
  2. give data subjects access to their personal data,
  3. maintain data security,
  4. notify authorities of data breaches,
  5. police third-party processing of personal information,
  6. and keep timely and accurate records of data protection activities.
None
Readiness

Spirion advances organizations’ compliance with GDPR by:

  • identifying personal data wherever it resides across the enterprise
  • assisting in the development of a comprehensive data inventory
  • using Spirion’s data classification capability it promotes data-at-rest security,
  • and provides a management dashboard that enables organizations to execute their data protection programs.

Related Resources

resource
GDPR Remediation Projects: Where to Start, How to (Still) Beat the Deadline
resource
GDPR: Ways to Accelerate Data Protection (featuring Forrester)
resource
GDPR Compliance

To learn more about how to ensure your business is GDPR compliant, contact a Spirion expert now.

TRY NOW
None

HIPAA/HITECH/CMIA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to, in part, protect patients’ protected health information (PHI). A follow-up law, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009. The Act extends HIPAA requirements to business associates of healthcare providers. The Confidentiality of Medical Information Act (CMIA) is California’s extension of HIPAA to individually identifiable medical information held by employers. HIPAA penalties are assessed on four tiers, ranging from $100 to a maximum of $1.5 million per violation per year.

None
Requirement

HIPAA/HITECH requires organizations to implement safeguards for electronic personal healthcare information (ePHI), including:

  1. encryption,
  2. access controls,
  3. risk management,
  4. auditing,
  5. monitoring,
  6. along with reporting breaches of unsecured PHI.
None
Readiness

Spirion provides security and privacy officials and their staffs with the ability to:

  • rapidly develop precise, timely inventories of ePHI
  • create inventories that assist in protecting patient confidentiality, policing and meeting the mandates of business associate agreements,
  • conduct privacy impact assessments (PIAs),
  • implement breach notification plans.
  • using the data classification technology, transform paper policies into dynamic programs for executing technical safeguards.

Related Resources

resource
Athena Health
resource
Featuring Forrester “Data Classification: Building a Foundation for Data Security and Privacy”

To better understand how your organization can be compliant with both PHI and HIPAA regulations, contact a Spirion expert now.

TRY NOW
None

PCI DSS

The Payment Card Industry Data Security Standard (PCI-DSS) is the information security standard mandated by the payment card brands (Visa, Mastercard, etc.) for use by any entity that processes payment cards. Failure to protect payment card data can result in fines as high as $500,000 per incident as well as losing the ability to continue processing payments.

None
Requirement

PCI-DSS compliance requires:

  1. the execution of 12 security controls,
  2. including protecting cardholder data,
  3. tracking and monitoring all access to network resources and cardholder data,
  4. and maintaining an information security policy.
None
Readiness

Spirion provides security leaders and their staffs with:

  • the ability to identify the location and map the flows of cardholder data,
  • encrypt data at rest,
  • establish an early-warning system for potential policy violations,
  • and support the terms of agreements with payment processors and financial institutions.

Related Resources

resource
Implementing an Enterprise Data Classification Strategy and Schema in Highly Regulated Industries
resource
Featuring Forrester “Data Classification: Building a Foundation for Data Security and Privacy”

To learn more about how to identify, classify and protect your financial data, contact a Spirion expert now.

TRY NOW
None

ADDITIONAL COMPLIANCE CAPABILITIES

In addition to CCPA, GDPR, HIPAA/HITECH/CMIA, and PCI-DSS, the Spirion data discovery, classification, and protection capabilities also help organizations meet these compliance regulations.

REGULATIONS
  • Gramm-Leach-Bliley Act (GLB Act or GLBA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Defense Federal Acquisition Regulation Supplement 7012 (DFARS)
  • New York State Department of Financial Services Part 500 (NYDFS)
  • NAIC Insurance Data Security Model Law
  • Privacy Act of 1974
  • State Data Protection Laws

Related Resources

resource
Beating DFARS 7012 NIST 800-171 Compliance Deadline
resource
How West Virginia University Reduced Its Sensitive Data Footprint
Spirion

Ready to get started?

Schedule a customized risk assessment with one of our data security experts to see Spirion data protection solutions in action.

TRY NOW