Regulatory compliance is usually a driver for data loss prevention when it comes to personally identifiable information. Nearly every company today must comply with governmental or industry rules and regulations, whether the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), the European Union Data Protection Directive, or others.
The more globally dispersed the organization, the more impact international law has on policy and workforce monitoring. Though privacy laws and regulations vary from country to country, there are a number of requirements that should guide the formation of policy that enables the organization to demonstrate compliance:
What are the typical compliance requirements?
Inability to meet these compliance requirements can result in severe reputational damage and regulatory fines.
| | PCI DSS | SOX | GLBA | HIPAA |
| --- | --- | --- | --- | --- |
| Industry | Retailers, merchants, payment processors, acquirers | All publicly traded companies | Banks, financial institutions, insurers, securities brokers | Healthcare providers, health plans and self-insured employers |
| Data example | Cardholder data and sensitive information, including: primary account number, name, service code and expiration date | Unannounced financial data, trade secrets | Names, addresses, phone numbers, bank and credit card account numbers and social security number | Names, addresses, phone numbers, e-mail, date of birth, social security number, medical record number, insurance benefit number |
| Penalties | $500,000 per incident for noncompliance; loss of certification, business and consumer confidence; cessation of ability to process transactions | Up to $5M plus prison time, depending on intent | Up to $100,000 per violation | Failure to comply: up to $25,000. Wrongful disclosure: up to $250,000, depending on pretense and intent, plus prison time |
InfoWatch data monitoring, analysis and protection solutions enable compliance by providing the following:
Understanding the specifics of corporate data flows and the company's public image facilitates efficient decision-making for corporate governance, compliance and risk management. InfoWatch data monitoring and classification products – InfoWatch Traffic Monitor Enterprise and InfoWatch Kribrum – help companies gain this understanding.
InfoWatch data protection solutions – InfoWatch Traffic Monitor Enterprise and InfoWatch CryptoStorage Enterprise – act as a cornerstone of a company’s information security strategy, significantly mitigate the risk of information misuse or unauthorized distribution, and enable regulatory compliance.
InfoWatch solutions provide a sound cost-avoidance strategy and can positively impact revenue: in today’s information age, the risk of continuing business as usual is clear – as is the reward for implementing diligent data control and leak prevention measures.