Data-Centric Protection in the Financial Market

Data-centric protection, controls and auditing are becoming topics with teeth in the regulatory environment. Data privacy regulations such as PCI DSS, FACT Act, Identity Theft Red Flags Rules and State Data Protection Laws require that sensitive data be encrypted. Failure to demonstrate best-practice measures could result in loss of business and extensive fines (even imprisonment) that could have catastrophic effects.

Financial institutions are becoming less concerned about end-to-end security (such as SSL) and more concerned about the authenticity of the data. They are requiring that the data itself be properly authenticated and encrypted, with inherent audit capabilities. BIOWRAP can instantly provide improved data privacy protection to maintain compliance, support audit protection and promote privacy protection.

Below are just a few of the institutional requirements that BIOWRAP can immediately address and automate to protect Target Privacy Data such as NPI, PII and mortgage data about homeowners.

Authentication

  • Authentication / Certification of Target Privacy Data (How is it performed?)
  • Provide documentation on the formal procedures for identity and access management controls to Target Privacy Data. 
  • Demonstrate the segregation of duties between individuals granting access to target data and those accessing target data.

Encryption

  • Demonstrate measures to take special care and protect Target Privacy Data.
  • Ensure appropriate handling throughout its lifecycle, including using, accessing, sharing, storing, transmitting, transferring, disposing of and destroying Target Privacy Data.
  • Documented procedures to maintain the accuracy and currency of Target Privacy Data.
  • Provide documentation indicating the organization’s assigned security classification of the Target Privacy Data.

Audit

  • Provide processes for tracking and monitoring access to Target Privacy Data.
  • Information Security Incident Report policy and procedures, such as notification procedures for Target Privacy Data breaches.
  • Demonstrate procedures to review Third Parties who access Target Privacy Data.

Access Controls

  • Provide policies and procedures with respect to access controls (e.g., user IDs, approvals, logging, auditing, authentication, etc.).
  • Demonstrate that Target Privacy Data is provided on a need-to-know basis.
  • Documented procedures for the processing of Data Subject access requests.
  • Documentation regarding immediate notification when Target Privacy Data (encrypted or unencrypted) has been or is reasonably likely to have been lost, accessed by, used by or disclosed to unauthorized Third Parties. 

Storage

  • Target Privacy Data must be encrypted during storage.

BIOWRAP is a web-based encryption key management service that can be used by anyone and integrated anywhere. 

Get your free trial of BIOWRAP at https://mybiowrap.com

Latest News

03/22/12

Data-centric protection, controls and auditing are becoming topics with teeth in the regulatory environment.