Personal data report

by Mark Rowe

A data security product firm has released a report written by FieldFisher, a UK-based law firm in the fields of compliance, e-privacy, information management and data security.

The report details legal obligations for encryption of personal data resulting from industry compliance regimes, such as PCI DSS, national laws and local regulations.

Driven by news about cyber threats, security breaches and data loss, lawmakers and regulators are increasingly defining new obligations for data security, according to the US-based firm Vormetric. Encryption requirements have been a focus for the resulting new regulations, becoming a mandatory requirement for personal and financial data. In some cases, requirements have extended beyond encryption to include data access controls and threat pattern recognition.

Phil Lee, partner with FieldFisher, and editor of the report, said: “Persistent, high profile stories about organisations who have failed to adequately protect personal data from today’s enhanced levels of cyber threats are causing legislators and regulators globally to mandate stricter, more detailed protection requirements. We are witnessing a unique legal phenomenon; there is a global convergence of data security law and regulation around the issue of encryption so that it does not matter where in the world your organisation operates – regulators everywhere increasingly expect encryption of sensitive data, computers, databases and applications.”

Some points from the report:

– In Europe, overlapping mandates from European Union (EU) and national governments across the continent result in variations in requirement by jurisdiction. Meeting standards in this environment requires both a top-down and bottom-up review for global organisations.
– Access rights and intelligent pattern recognition to private data protected by encryption are starting to take hold as parts of PCI DSS, ISO 27001 and as a result of EU jurisprudence rulings
– In the USA, overlapping federal regulations (HIPAA, GLBA, FCRA, SOX, FISMA), NIST standards for federal agencies, FTC expectations and 47 US State laws result in multiple drivers for the same requirement set: encrypt personal and financial data, control access.

And Tina Stewart, Vormetric’s VP of marketing, said: “We will undoubtedly continue to see more moves toward increased mandates and legal obligations in the wake of so many high-profile security breaches and business losses. The report clarifies the issues and gives organisations an up-to-date snapshot of global and local requirements in prominent markets worldwide regarding how encryption technologies and access control solutions must be deployed to avoid regulatory penalties, sanctions and business risk.”

For complete details, download the report here.

© 2024 Professional Security Magazine. All rights reserved.