Deciding what data to protect

What data does the organization need to protect? What data privacy laws, regulations, and compliance concerns and obligations does the organization have?

Consider the factors described below to define the scope of what needs to be protected.

Geographical factors
  • Each region may have its own regulations or laws that require protecting various types of sensitive information, such as personal, financial, and medical data.
  • Global enterprises may be bound to multiple laws if they have branch offices in different regions. (For example, they may have to abide by different state laws if they have offices in several different states)
Industry
  • Each type of industry may have its own laws and regulations. For example:
    • GLBA for Finance and Banking
    • HIPAA for Healthcare and Pharma
  • Organizations that develop new technologies may need to protect intellectual property and trade secrets (such as designs, software code, drawings, or patent applications).
Sector
  • Government agencies and organizations that are affiliated with the government are subject to special requirements and regulations, such as DIACAP for units and contractors related to the U.S. Department of Defense and FISMA for U.S. federal agencies and their contractors.
  • For public companies, additional regulations may apply (such as the Sarbanes- Oxley Act in the U.S., or regulations that are published by the regulatory body of the relevant stock markets).

General

  • Marketing data, like the following, may need to be kept secret from competitors:
    • Upcoming press releases
    • Marketing campaigns
    • Leads
    • Customer contact information and other customer data

Many organizations have individualized needs for data protection. Though these might remain outside typical categories, Forcepoint DLP can accommodate them.

The Forcepoint DLP first-time policy wizard assists administrators in defining the organization’s region or regions and industry. It then displays relevant policies, making it easier to select them for monitoring and enforcement.

The policy wizard launches automatically when a Forcepoint DLP administrator logs on to the Forcepoint Security Manager after installation or upgrade.

After selecting the appropriate predefined policies, administrators can create policies to protect specific information or types of information, such as:

  • Designs
  • Drawings
  • Marketing materials
  • Legal documents
  • Strategic planning documents, such as business plans
  • Financial and pricing information
  • All documents marked “Confidential”