Compliance

Organizations conducting business in California collecting personal information must:

1. publish their privacy practices,
2. disclose to consumers what personal information has been collected in the preceding 12 months,
3. honor requests for deletion,
4. and enable consumers to direct third parties not to use their personal information.

Spirion advances compliance with the CCPA by:

• precisely locating personal information wherever it resides across the enterprise
• providing data classification capabilities that offer complete protection for data at rest,
• including options for data encryption, deletion, or quarantine
• offering a management dashboard that provides insightful reports on the state of the business’s data protection program.

The GDPR requires organizations to

1. accurately identify all personal data under their control,
2. give data subjects access to their personal data,
3. maintain data security,
4. notify authorities of data breaches,
5. police third-party processing of personal information,
6. and keep timely and accurate records of data protection activities.

Spirion advances organizations’ compliance with GDPR by:

• identifying personal data wherever it resides across the enterprise
• assisting in the development of a comprehensive data inventory
• using Spirion’s data classification capability it promotes data-at-rest security,
• and provides a management dashboard that enables organizations to execute their data protection programs.

HIPAA/HITECH requires organizations to implement safeguards for electronic personal healthcare information (ePHI), including:

1. encryption,
2. access controls,
3. risk management,
4. auditing,
5. monitoring,
6. along with reporting breaches of unsecured PHI.

Spirion provides security and privacy officials and their staffs with the ability to:

• rapidly develop precise, timely inventories of ePHI
• create inventories that assist in protecting patient confidentiality, policing and meeting the mandates of business associate agreements,
• conduct privacy impact assessments (PIAs),
• implement breach notification plans.
• using the data classification technology, transform paper policies into dynamic programs for executing technical safeguards.

PCI-DSS compliance requires:

1. the execution of 12 security controls,
2. including protecting cardholder data,
3. tracking and monitoring all access to network resources and cardholder data,
4. and maintaining an information security policy.

Spirion provides security leaders and their staffs with:

• the ability to identify the location and map the flows of cardholder data,
• encrypt data at rest,
• establish an early-warning system for potential policy violations,
• and support the terms of agreements with payment processors and financial institutions.