There are many regulations and compliance requirements in effect that relate to the protection of sensitive, confidential or private data. Some of these regulations focus on protecting information for specific industries, and some on how information disclosure must take place. These regulations and compliance requirements take account of data loss incidents and of privacy attributes in general.
Across all of these regulations and compliance requirements, the main concern is the protection of data when it is stored, during transmission, and when it moves across networks. Some of them recommend specific technologies that must be used to achieve compliance. For all of them, however, most requirements are satisfied as long as proper encryption is in place. If you identify the data that needs protection, locate the information that is in transit, and then implement proper encryption, you can significantly improve your standing against the security compliance requirements common to all of these regulations.
Galaxkey is the perfect product to cover all encryption needs, for data in storage and in transmission. The following section lists the compliance requirements and regulations in force around the world. Each is region specific and dictated by the law of the land.
Most data falls into one of the following categories:
- Financial or banking data
  - All data that includes your personal financial information
  - Credit card information
  - Bank account numbers
  - Financial data of public companies
  - Insurance details
  - Credit ratings
- Private individual data
  - Social security numbers
  - Individual addresses
  - Personally identifiable data that could potentially be used for identity theft
  - KYC data
- Military and government data
  - All data specific to government programs, particularly data related to policies
  - All military data pertaining to national security
- Business sensitive data
  - Trade secrets
  - Business intelligence data
  - Management reports
  - Corporate business information on IT configurations
- Personal health data
  - Confidential patient information
  - Patient address details
  - Patient reports and records
In almost all countries the above categories are subject to strict regulatory compliance requirements that incur heavy penalties on failure. The regulations target:
- Data at rest – network storage, file storage, desktop machines, mobile phones and any other device capable of holding information. This also includes archived data.
- Data in transmission – any data sent via the internet or any other medium over which electronic transmission takes place.
The following are some of the prominent regulations around the world that govern the need to encrypt data both at rest and in transmission. Galaxkey provides an ideal solution to help industry comply with these regulations.
Focus: Handling of Personal Information
Scope: United Kingdom – Applicable to all businesses & government
Repercussions: Data forfeit and criminal and civil penalties
Focus: Protection of electronic patient healthcare data and information.
Scope: Global. Applicable to all health industry, pharmaceuticals and support industry.
Repercussions: Criminal and civil penalties for exposure of data or fraudulent behaviour.
Focus: Protection of private information
Scope: Germany – Applicable to all businesses & government
Repercussions: Various penalties for misuse.
Focus: Protection of private information
Scope: European Union – Applicable to all businesses & government
Repercussions: Not specifically stated.
Focus: Protection of payment card data (credit/debit cards) during processing, transmission and storage.
Scope: Global. Originally specified by Mastercard and Visa and accepted by other card companies as well.
Repercussions: Significant fines for non-compliance and potential loss of payment card capabilities.
Focus: Protection of private data in the financial services industry.
Scope: USA for banking and financial services.
Repercussions: Significant fines and potential criminal charges.
Focus: Protection of sensitive data related to financial reporting in public companies. Provides guidance for public companies in designing and reporting on the controls in place for protecting financial information.
Scope: Global for all businesses.
Repercussions: Civil and criminal penalties for exposure of data or fraudulent behaviour.
DS5.8 Cryptographic Key Management: Determine that policies and procedures are in place to organise the generation, change, revocation, destruction, distribution, certification, storage, entry, use and archiving of cryptographic keys to ensure the protection of keys against modification and unauthorised disclosure.
DS5.11 Exchange of Sensitive Data: Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt, and non-repudiation of origin.
DS11.6 Security Requirements for Data Management: Define and implement policies and procedures to identify and apply security requirements applicable to the receipt, processing, storage and output of data to meet business objectives, organisational security policy, and regulatory requirements.
Focus: International standard for operational and financial risk management for banking institutions.
Scope: Global for all banking.
Repercussions: Requirements to reserve greater levels of operating capital, and less favourable pricing in financial markets.
Focus: Protection of sensitive data related to financial reporting in public companies; enhancement of internal controls over financial reporting data.
Scope: Japan. Banking and Financial services.
Repercussions: Heavy penalties.