Data security regulations
Most countries and certain industries have laws and regulations that protect customers, patients, or staff from the loss of personal information such as credit card numbers, social security numbers, and health information.
To set up rules for the regulations that pertain to you:
- Click No region selected.
- Select the regions in which you operate.
- Select the regulations of interest:
  | Field | Description |
  | --- | --- |
  | Personally Identifiable Information (PII) | Detects Personally Identifiable Information. For example, names, birth dates, driver license numbers, and identification numbers. This option is tailored to specific countries. |
  | Protected Health Information (PHI) | Detects Protected Health Information. For example, terms related to medical conditions and drugs, together with identifiable information. |
  | Payment Card Industry (PCI DSS) | Conforms to the Payment Card Industry (PCI) Data Security Standard, a common industry standard that is accepted internationally by all major credit card issuers. The standard is enforced on companies that accept credit card payments, as well as other companies and organizations that process, store, or transmit cardholder data. |

- Select an action to take when matching data is detected. Select Block to prevent the data from being sent through the web channel. Select Monitor to allow it. (Incidents are created either way.) You can filter by action in the Data Security Incident Manager.
- Select a sensitivity to indicate how narrowly or widely to conduct the search. Select Wide for the strictest security. Wide has a looser set of detection criteria than Default or Narrow, so false positives may result and performance may be affected. Select Narrow for tighter detection criteria. This can result in false negatives or undetected matches. Default is a balance between the two. Severity is automatically calculated for these regulations.
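
The sensitivity and action trade-offs described in the steps above can be seen in a small card-number detector. This is an added illustration, not the product's detection logic: the criteria assigned to each level (digit pattern only for Wide, Luhn checksum for Default, checksum plus a nearby keyword for Narrow), the keyword list, and the sample messages are all assumptions constructed for this example.

```python
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
KEYWORDS = ("card", "visa", "mastercard", "amex", "cvv")  # assumed context terms

# Constructed sample messages (industry test card numbers, not real accounts).
SAMPLES = [
    "Please charge my Visa card 4111 1111 1111 1111, exp 12/27",
    "Payment ref 4012888888881881 attached",        # valid number, no keyword
    "Tracking number 1234567890123456 shipped",     # 16 digits, fails checksum
]

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect(text, sensitivity="default"):
    """Return card-number-like digit strings found at the given sensitivity."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Wide (assumed): the digit pattern alone is enough.
        if sensitivity != "wide" and not luhn_ok(digits):
            continue
        # Narrow (assumed): also require a payment keyword within 40 characters.
        if sensitivity == "narrow":
            window = text[max(0, m.start() - 40):m.end() + 40].lower()
            if not any(k in window for k in KEYWORDS):
                continue
        hits.append(digits)
    return hits

def evaluate(text, sensitivity, action):
    """An incident is recorded on any match; only 'block' stops delivery."""
    hits = detect(text, sensitivity)
    return {"incident": bool(hits), "delivered": not (hits and action == "block")}

if __name__ == "__main__":
    for text in SAMPLES:
        for level in ("wide", "default", "narrow"):
            print(f"{level:8} {detect(text, level)!s:24} {text}")
```

With these samples, Wide flags the tracking number (a false positive), while Narrow misses the valid card number that has no keyword near it (a false negative).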