Concerns over user data protection and privacy are in the news on a daily basis. Local, state, federal, and global jurisdictions have established data compliance regulations and policies governing how companies and municipalities manage and protect the personal information of consumers and constituents.
Many of the data protection regulations are well known – GDPR, CCPA, HIPAA, and PCI, just to name a few. The focus on privacy issues is driving additional regulatory activity.
Do you understand your responsibilities to meet these compliance requirements? Are you prepared?
What’s Your Compliance Strategy?
A key component in any company’s compliance strategy should be using encryption technology to secure and protect Personally Identifiable Information (PII). In some cases, such as for GDPR compliance, if your data is encrypted, you may still be in compliance if you experience a data breach resulting in stolen.
Integrating TozStore’s end-to-end encryption SaaS Platform into your data security solution can help meet your compliance requirements – even in the event of a data breach.
The General Data Protection Regulation, or GDPR, is the primary law regulating how companies protect the personal data of EU citizens. The regulation mandates the standards for how companies provide reasonable data protection measures and how they handle user data, so as to safeguard its processing, storage, and transfer and to protect the personal data of consumers against privacy loss or exposure, including data breaches. GDPR also states that should there be a data breach, Supervising Authorities must positively consider the use of encryption in their decision on whether or not to impose fines.
Companies can reduce the probability of a data breach, and thus reduce the risk of fines in the future, if they choose to encrypt personal data. When using Tozny’s TozStore SaaS encryption platform, the loss of encrypted data does not necessarily constitute a data breach, depending on implementation details such as the granularity of the encryption envelope and key management. Additionally, with Tozny your encrypted data need not be stored within your database; instead, you can store it offsite within Tozny’s state-of-the-art infrastructure. In the event of a data breach, your encryption keys are not housed within our infrastructure, and thus the data cannot be decrypted.
The California Consumer Privacy Act (CCPA) creates a set of obligations for businesses and rights for consumers with regard to safeguarding Californians’ personal information. The legislation provides penalties when companies expose unencrypted personal information to theft or misuse. Tozny provides an easy-to-use encryption platform that exceeds all requirements for protecting users’ data. TozStore enables fine-grained access control to revoke access to components of your data on the fly. This makes TozStore the fastest and most secure way to meet your compliance obligations.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal Canadian privacy law for private-sector organizations. It establishes the policies for how businesses are required to handle personal information of Canadian citizens in the course of their commercial activity.
Businesses are required to protect all personal information (regardless of how it is stored) against loss, theft, or any unauthorized access, disclosure, copying, use or modification. Using an end-to-end encryption solution like TozStore provides a fundamental safeguard in your data protection strategy.