Regulations

  • Brazilian General Data Protection Law (LGPD) for Discovery

    The General Data Protection Law (Law No. 13,709) is the principal data protection legislation in Brazil. The LGPD was inspired by the General Data Protection Regulation (the “GDPR”) and has brought about deep changes to the data protection framework in Brazil enacting a set of rules to be observed in data processing activities. Following are the rules in this policy:

    • Brazilian General Data Protection Law: CPF and Sensitive Disease
    • Brazilian General Data Protection Law: Email Address and Password (Wide)
    • Brazilian General Data Protection Law: Email Address and Password (Default)
    • Brazilian General Data Protection Law: Identity Card Number
    • Brazilian General Data Protection Law: Name and CPF
    • Brazilian General Data Protection Law: Name and Sensitive Disease
    • Brazilian General Data Protection Law: National Register of Legal Entities Number (Wide)
    • Brazilian General Data Protection Law: National Register of Legal Entities Number (Default)
  • California Consumer Privacy Act for Discovery

    The 'California Consumer Privacy Act of 2018' protects personal information collected by businesses. Businesses in violation of the act are liable for civil penalties. The policy detects personally identifiable information (PII), such as social security numbers, credit card numbers, and passwords. The policy also covers previous Californian privacy regulations, such as California SB 1386 of 2003, California AB 1950 of 2004, and AB-1298 of 2017. The rules of the policy are:

    • California Consumer Privacy Act: 10-Digit Account Number
    • California Consumer Privacy Act: 5-8-Digit Account Number
    • California Consumer Privacy Act: 9-Digit Account Number
    • California Consumer Privacy Act: California Driver License and Sensitive Disease or Drug
    • California Consumer Privacy Act: CCN (Default)
    • California Consumer Privacy Act: CCN (Narrow)
    • California Consumer Privacy Act: CCN and California Driver License Number
    • California Consumer Privacy Act: CCN and Common Medical Condition
    • California Consumer Privacy Act: CCN and Sensitive Disease or Drug
    • California Consumer Privacy Act: Celebrity Name and Common Medical Condition
    • California Consumer Privacy Act: Celebrity Name and Sensitive Disease or Drug
    • California Consumer Privacy Act: DNA Profile
    • California Consumer Privacy Act: ICD10 Code and Name
    • California Consumer Privacy Act: ICD10 Description and Name
    • California Consumer Privacy Act: ICD9 Code and Name
    • California Consumer Privacy Act: ICD9 Description and Name
    • California Consumer Privacy Act: Name and Common Medical Condition (Default)
    • California Consumer Privacy Act: Name and Common Medical Condition (Narrow)
    • California Consumer Privacy Act: Name and HICN
    • California Consumer Privacy Act: Name and MBI (Default)
    • California Consumer Privacy Act: Name and MBI (Wide)
    • California Consumer Privacy Act: Name and Sensitive Disease or Drug (Default)
    • California Consumer Privacy Act: Name and Sensitive Disease or Drug (Narrow)
    • California Consumer Privacy Act: Password (Default)
    • California Consumer Privacy Act: Password (Narrow)
    • California Consumer Privacy Act: Password (Wide)
    • California Consumer Privacy Act: SSN
    • California Consumer Privacy Act: SSN and California Driver License Number
    • California Consumer Privacy Act: SSN and CCN
    • California Consumer Privacy Act: SSN and Common Medical Condition
    • California Consumer Privacy Act: SSN and Sensitive Disease or Drug
  • FERC and NERC for Discovery

    Policy to promote compliance with the requirements imposed by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Council (NERC) to protects Critical Energy Infrastructure Information (CEII). The policy detects sensitive Energy Infrastructure Information, such as natural gas pipeline flow diagrams, various drawing and schemes files and FERC forms 567 and 715. The rules for this policy are:

    • FERC and NERC: disclaimer
    • FERC and NERC: pipeline flow diagrams
    • FERC and NERC: form 567
    • FERC and NERC: form 715
  • SEC and SOX for Discovery

    The Sarbanes-Oxley Act (SOX) mandates public companies to comply with its requirements. This act provides strict guidelines for ensuring corporate governance and control policies for information within publicly traded companies. This policy promotes compliance with the data protection aspects of SOX by detecting audit terms and SEC 10-K and 10-Q reports. The rules for this policy are:

    • SOX: Form 10-K (Standard Fiscal Year)
    • SOX: Form 10-Q (Standard Fiscal Year)
    • SOX: SOX-Related Term
  • Swedish Patient Data Act (SFS 2008:355, Patientdatalagen) - For Discovery

    A policy to promote compliance with the Swedish Patient Data Act (Patientdatalag , SFS 2008:355) that mandates protection of protected health information (PHI) and Personally Identifiable Information (PII) of Swedish citizens and residents . The policy comprises rules for discovery of health information or medical conditions (in Swedish or English), in proximity to personally identifiable information such as personnummer or name, and for detection of SPSS files and Database files. The rules for this policy are:

    • SFS 2008:355: Database File
    • SFS 2008:355: DICOM
    • SFS 2008:355: DNA Profile
    • SFS 2008:355: ICD10 Code
    • SFS 2008:355: ICD10 Code and Description
    • SFS 2008:355: ICD10 Code and Name (Wide)
    • SFS 2008:355: ICD10 Code and Name (Default)
    • SFS 2008:355: ICD10 Code and Name (Narrow)
    • SFS 2008:355: ICD10 Code and Personal Number
    • SFS 2008:355: ICD10 Description
    • SFS 2008:355: Name and Health Information
    • SFS 2008:355: Name and Personal Number
    • SFS 2008:355: Name and Sensitive Disease or Drug
    • SFS 2008:355: Personal Number
    • SFS 2008:355: Personal Number and Health Information
    • SFS 2008:355: Personal Number and Sensitive Disease or Drug
    • SFS 2008:355: SPSS Text File
  • US-ITAR for Discovery

    International Traffic in Arms Regulations (ITAR) is a set of United States government regulations that control the export and import of defense-related articles and services. The policy detects information about sensitive technologies being disseminated, as well as source code and confidential documents. For source code in the SPICE and VHDL languages, please select all relevant rules to achieve complete coverage. The rules for this policy are:

    • ITAR: Encryption
    • ITAR: Nuclear
    • ITAR: Space
    • ITAR: Military
    • ITAR: Technical Drawing files