Protecting individual and financial data, retaining data, and meeting e-discovery requirements are common compliance requirements across geographies and industries. Finding accurate, usable, and cost-effective solutions for meeting these requirements can make the difference between achieving compliance goals or leaving the organization vulnerable through unsecured use of sensitive data. Trend Micro Data Protection solutions for endpoint data leak protection, email encryption, and email archiving help organizations meet their compliance requirements – easily and cost-effectively.
Trend Micro Data Protection
Trend Micro, Incorporated
Addressing Compliance Requirements for Privacy, Data Retention, and e-Discovery
A Trend Micro White Paper | March 2009
Trend Micro Data Protection: Addressing Compliance
Table of Contents
I. Privacy, Data Retention, and e-Discovery
II. Identifying Sustainable Compliance Solutions
III. The Trend Micro Advantage
IV. Trust a Security Industry Leader
Protecting individual and financial data, retaining data, and meeting e-discovery requirements are common compliance requirements across geographies and industries. Finding accurate, usable, and cost-effective solutions for meeting these requirements can make the difference between achieving compliance goals or leaving the organization vulnerable through unsecured use of sensitive data. Trend Micro security solutions for endpoint data leak protection, email encryption, and email archiving help organizations meet their compliance requirements - easily and cost-effectively.
I. Privacy, Data Retention, and e-Discovery
At its simplest, "compliance" is the adherence to an accepted policy or set of requirements. Policies can range from those that help the business avoid worst-case scenarios - such as customer churn, litigation, and fines for noncompliance - to the "should haves," including IT security standards and corporate mandates to protect its brand and stakeholder confidence.
Meeting compliance regulations requires protecting specific types of data and establishing controls to ensure that requirements are met on an ongoing basis. For more information about the regulatory landscape and specific requirements, please see Protecting Information in an Increasingly Leaky World, a Trend Micro white paper.
Figure 1: Protected data types and data requirements
Protected Data Types and Requirements | Description
PII: Personally Identifiable Information | Social security number/national identification number, driver's license number, address, phone number
PCI: Payment Card Industry | Credit card numbers, Card Verification Value (CVV), expiration date
PHI: Protected Health Information | Medical diagnosis codes, disease names, medication names, patient names
PFI: Personal Financial Information | Financial account number, credit score
PFI Access Control | Monitor privileged user access to company financial data, separation of duties for data and processes impacting financial reporting
Audit | Covers best practices to validate controls to address regulation
Privacy Requirements
Privacy of an individual's personal, medical, and financial data is of utmost concern to enterprises for regulatory compliance. Regulations in place to protect individuals' privacy usually require that data associated with that individual is not visible to unauthorized users. This requires an ability to detect sensitive content, and report, block, or encrypt it. For example, protecting email and attachments from unwanted eavesdropping, tampering, and spoofing requires encryption, recently mandated by the state of Nevada to protect PII associated with Nevada residents. Solutions for Data Leak Prevention (DLP) that perform content monitoring and filtering can also be used for helping to meet a wide range of compliance requirements.
Data Retention Requirements
Data retention laws vary greatly, but many specify that certain types of data be stored for specific periods of time. For example, the European Union Directive 2006/24/EC requires Member States to ensure that communications providers retain data for anywhere from six months to two years. In addition, records must only be produced to entitled parties, and if they contain sensitive data, they should be kept confidential through encryption.
e-Discovery Requirements
Electronic discovery has become critical in a wide range of applications, such as litigation support, when evidence must be produced i...