Data Breach Notification Laws

Thales e-Security’s Vormetric Data Security Platform enables safe harbor from data breach notification laws and fines

Protecting You from Data Breach Notification Requirements

Data breach notification requirements on loss of personal information have increasingly been enacted by nations around the globe as well as by US State governments. Data breach disclosure laws and notification requirements vary by jurisdiction, but almost universally include a “safe harbor” clause, if the data lost was in encrypted form. Thales e-Security helps protect organizations from the consequences of a data breach through the Vormetric Data Security Platform's data-centric focus on security around personal information.

Breach Disclosure Laws Widespread

National data breach disclosure laws include the UK Data Protection Act, EU General Data Protection Regulation (GDPR), South Korea’s Personal Information Protection Act, Australian Privacy Act and others.

Prevention of Data Breaches a Complex Task

Data breach protection and prevention is not as simple as implementing hardware level disk encryption or OS level encryption within systems. Attacks are increasingly able to penetrate perimeter defenses, compromise accounts, and mine data without targets even being aware of the attack. With this kind of activity, simple encryption schemes won’t prevent a data breach – attackers will access accounts that allow them to decrypt and extract personal data. Driving this are criminal groups willing and able to pay for stolen personal information that has direct monetary value.

Data Breach Protection Requires a Data-Centric Focus

A data-centric focus on preventing the loss of personal information requires:

  • Encryption of personal data wherever it resides – including file systems databases, web repositories, cloud environments, big data environments and virtualization implementations.
  • Policy-based access controls to assure that only authorized accounts and processes can see the data.
  • Monitoring of authorized accounts accessing data, to ensure that these accounts have not been compromised.
Thales e-Security Provides Key Components of the Solution

Thales e-Security's Vormetric Data Security Platform provides key components of the solution to implementing data-centric security. These include security controls that enable organizations to safeguard and audit the integrity of customer records and information against a broad range of threats against data. Thales e-Security data breach protection solutions are transparent to existing operating processes and applications for rapid implementation of protection from data breaches.

This single platform solution to multiple data breach protection needs helps organizations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales e-Security provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring information extend protection from data breaches by limiting data access to only personnel and programs authorized to do so. The same data provides the security intelligence information required for the Security Information and Event Management solution to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Vormetric Application Encryption

Vormetric Application Encryption from Thales e-Security adds another layer of data breach protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management from Thales e-Security enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Research and Whitepapers : Bloor for the EU’s new data protection regulation, encryption should be the default option

There are many regulations and industry standards that require that stringent safeguards are applied to personal and sensitive data...


Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us