Protegrity Solutions

Compliance Solutions

If your company needs to comply, look no further

Protegrity’s Data Security Platform is focused entirely on helping your business achieve compliance with the PII protection elements of US Federal and State legislation (as of November 2010, 46 states have local data breach legislation in place in addition to federal statutes). US Federal regulatory requirements include the Payment Card Industry Data Security Standards (PCI-DSS), HIPAA-HITECH, GLBA, Sarbanes-Oxley and others; equivalent legislation in Canada, the European Union, and other markets also applies to any business operating in or with customers in those markets.

It is important to remember that, while regulatory standards represent the minimum level of security required to protect sensitive data, defining and implementing a broad-based security policy within your organization will also support the protection of your brand reputation and stockholder/customer confidence. Protegrity will be pleased to assist you in identifying best practices for your market sector.


PCI Compliance

In December 2004, the major credit card companies came together to agree on a comprehensive set of data security requirements – the Payment Card Industry (PCI) Data Security Standards. These standards replaced the credit card companies’ individual programs and brought to the industry a consistent set of standards for data security.

The purpose of the PCI Data Security Standards is to ensure that all financial institutions, merchants, e-commerce companies, and their agents and service providers implement basic security standards to protect and secure all credit cardholder data. More specifically, organizations are responsible for having the necessary security policy, systems and auditing infrastructure in place to protect and secure the strict privacy of credit card and customer data throughout the entire transaction process.

For more information, visit the PCI-DSS Security Standards Council website.


HIPAA & HITECH Compliance

HIPAA, the Health Insurance Portability and Accessibility Act, was originally designed to make health insurance coverage simpler and more transparent for policyholders. Making health data both more portable and more accessible introduced major privacy concerns that affect not only health services providers and insurers but also insurance agencies and HR departments – any organization with access to confidential health records is required to abide by the information privacy aspects of HIPAA. The HIPAA Security Rule specifies the administrative, physical, and technical safeguards that must be used to assure the confidentiality, integrity, and availability of electronic Protected Health Information (PHI).

The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009 to promote the adoption and meaningful use of health information technology. The data security sections of the HITECH Act were developed to require organizations that handle PHI to meet baseline criteria for protecting that data in motion, in use, at rest and at disposal. The HITECH Act reinforces HIPAA to encourage use of electronic patient records and to deliver stricter data protection regulations for more secure patient privacy.

For more information on HIPAA and HITECH, visit the US Department of Health and Human Services website.


PII Protection

Personally Identifiable Information (PII) – Social Security and National Insurance numbers, customer and employee records, financial and insurance claims data – represents the most valuable currency on the black market today. PII opens the door to identity theft, bank and insurance fraud, and economic and political espionage. Clearly, it is key to the security of individuals, businesses, and governments alike to protect that data at all times, whether it is at rest or in transit, hence the evolution of increasingly complex data protection legislation.

The common thread running through the maze of mandatory information security regulations is the protection of PII. While there is no silver bullet software or service solution that will ensure compliance with every regulation in the world, protecting PII will go a long way towards meeting the duties of due care required by these regulations, keeping customer and employee data secure and auditors happy.