Data Privacy and Security Compliance

Global Regulations and Standards: Where Encryption for Data-at-Rest Applies


What are Data Privacy and Security Regulations?

A growing number of data privacy and security regulations are in effect worldwide, covering the protection of private and sensitive data. Some focus on the protection of specific industry information; others are concerned primarily with data loss and exposure incidents, and many carry serious consequences for non-compliance.

Many compliance standards today are concerned with the protection of data-at-rest. Some make specific technology recommendations; for all of them, encryption can be deployed to satisfy and strengthen the protection requirements. Implementing appropriate encryption can significantly reduce the impact of a breach and improve your security posture while meeting the requirements of a number of data privacy regulations.

What are NIST and FISMA?

The National Institute of Standards and Technology (NIST) develops and publishes standards and best practices for data and cybersecurity for the U.S. Government. These publications are frequently referenced by other data privacy and security regulations, such as HIPAA, PCI DSS and FISMA.

The Federal Information Security Management Act (FISMA) is U.S. legislation that defines a comprehensive framework for protecting government information, operations and assets. FISMA applies to all U.S. federal agencies and to contractors and other entities that handle federal data. Because FISMA is developed and implemented by the U.S. Government, it is regarded as a common policy framework and is regularly used by the private sector to meet compliance requirements.

What is Data-at-Rest?

Data-at-rest is data stored on desktops, laptops, removable media, in databases or on file servers, or in cloud Infrastructure as a Service (IaaS). Unlike data-in-transit (data actively moving from one location to another) and data-in-use, data-at-rest is not being transmitted or processed. While data-at-rest is sometimes considered less exposed than data-in-transit, attackers often find it the more valuable target, because it is persistent and typically concentrated in one place.

Why protect Data-at-Rest?

Sensitive data can be exposed if a device is lost or stolen, or through vulnerabilities in virtual and cloud infrastructure. Encryption plays a major role in data protection and is the standard tool for securing data-at-rest against loss, theft or unauthorized access in physical, virtual and cloud environments. Note that disk or volume encryption protects the data when the storage medium itself is lost, stolen or decommissioned; it does not by itself protect data that an authenticated process or user reads on a running system, so key management and access control remain necessary alongside it. Protecting data-at-rest with encryption is also mandated by a number of data privacy and security regulations.

What types of Data are often affected?

Personally Identifiable Information (PII)

PII includes data such as social security numbers, addresses, phone numbers and other identifying information that could be used for identity theft or other criminal activity.

Protected Health Information (PHI)

PHI (the HIPAA term is Protected Health Information) includes sensitive patient and health data such as insurance-related information, medical records, biological data and other patient-identifiable information that should not be publicly available.

Financial Data

Financial data takes many forms, but it often includes credit card account numbers, card track data, associated account information and other credit-related information. For example, the Payment Card Industry Data Security Standard (PCI DSS) applies to all companies that accept, process, store or transmit credit card information.

Military and Government Data

Any data related to government programs, especially those concerning military departments and operations, is strictly regulated.

Proprietary Business Data

Proprietary business data is any data that should not be made publicly available, such as trade secrets, research and business intelligence, management reports, customer information or internal sales data.
