Regulations

Most countries and certain industries have laws and regulations that protect customers, patients, or staff from the loss of personal information such as credit card numbers, social security numbers, and health information.

To set up rules for the regulations that pertain to you:

Steps

  1. Click No region selected. (To edit regions, click the link, “n regions selected.”)
  2. Select the regions in which you operate. Forcepoint Security Labs provides a set of predefined policies to cover regions all over the world and maintains those policies as regulations change.
  3. Select the regulations of interest.
    | Regulation | Description |
    |---|---|
    | Personally Identifiable Information (PII) | Detects Personally Identifiable Information—for example, names, birth dates, driver license numbers, and identification numbers. This option is tailored to specific countries. |
    | Protected Health Information (PHI) | Detects Protected Health Information—for example, terms related to medical conditions and drugs—together with identifiable information. |
    | Payment Card Industry (PCI DSS) | Conforms to the Payment Card Industry (PCI) Data Security Standard, a common industry standard that is accepted internationally by all major credit card issuers. The standard is enforced on companies that accept credit card payments, as well as other companies and organizations that process, store, or transmit cardholder data. |
  4. Select an action to take when matching data is detected. Select Block to prevent the data from being sent through the web channel. Select Monitor to allow it. (Incidents are created either way.)
    The Action column now appears in the Incident Manager by default, showing whether each incident was monitored or blocked.
  5. Select a sensitivity to indicate how narrowly or widely to conduct the search.
    Select Wide for the strictest security. Wide has a looser set of detection criteria than Default or Narrow, so false positives may result. Select Narrow for tighter detection criteria. This can result in false negatives or undetected matches. Default is a balance between the two.

    Severity is automatically calculated for these regulations.

    For more information on the detection rules for these regulations, see Data Security Content Classifiers (DLP Lite only).