Egnyte Secure & Govern offers several built-in classification policies targeted toward compliance with data security and privacy standards in several regional jurisdictions. An overview of all available policies can be found in this article. Detailed policy matching criteria for some specific policies can be found below.

Quick links to individual policy criteria:

HIPAA: Health Insurance Portability and Accountability Act

Egnyte HIPAA Narrow Version

Egnyte HIPAA Broad Version

GDPR: General Data Protection Regulation Policy

Egnyte GDPR Narrow Version

Egnyte GDPR Broad Version

CCPA: California Consumer Privacy Act Policy

Egnyte CCPA Narrow Version

Egnyte CCPA Broad Version

GLBA: Gramm-Leach-Bliley Financial Modernization Act Policy

Egnyte GLBA Narrow Version

Egnyte GLBA Broad Version

PCI-DSS: Payment Card Industry Data Security Standard Policy

SOX: Sarbanes-Oxley Act Policy

ITAR: International Traffic in Arms Regulations

 

Specific Classification Policy Criteria

HIPAA: Health Insurance Portability and Accountability Act

Egnyte HIPAA Narrow Version

Policy Criteria: To match the Narrow Version, an object must contain:

1.  Any of the following:

  • Social Security Number (US)
  • Health Insurance Claim Number

2.  In addition to #1 above, a match to at least one of the following within 200 characters of the above match:

  • ICD-10 Codes
  • ICD-10 Ailments Narrow version
  • ICD-10 PCS Codes
  • ICD-10 PCS Procedures
  • CPT Codes
  • CPT Procedures Narrow version
  • National Provider Identifier (NPI) number
  • DEA Registration Number
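The two-part rule above (a primary identifier plus a supporting match within 200 characters) can be sketched as follows. This is an added example, not Egnyte's code: the regular expressions are simplified stand-ins covering only SSN, ICD-10 codes, NPI and DEA numbers, and measuring the 200 characters as the gap between the two matches is an assumption.

```python
import re

WINDOW = 200  # proximity distance given in the policy criteria

# Simplified stand-in detectors (assumptions, not the product's own patterns).
PRIMARY = {"ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")}
SECONDARY = {
    "icd10": re.compile(r"\b[A-TV-Z]\d[0-9A-Z](?:\.[0-9A-Z]{1,4})?\b"),
    "npi": re.compile(r"\b[12]\d{9}\b"),
    "dea": re.compile(r"\b[A-Z]{2}\d{7}\b"),
}

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dea_ok(s):
    # DEA check digit: (d1+d3+d5) + 2*(d2+d4+d6), last digit must equal d7.
    d = [int(c) for c in s[2:]]
    return (d[0] + d[2] + d[4] + 2 * (d[1] + d[3] + d[5])) % 10 == d[6]

# Checksums cut false positives from arbitrary digit runs.
# NPI uses Luhn over the number prefixed with 80840.
VALIDATORS = {"npi": lambda s: luhn_ok("80840" + s), "dea": dea_ok}

def find(patterns, text):
    hits = []
    for name, rx in patterns.items():
        for m in rx.finditer(text):
            if VALIDATORS.get(name, lambda s: True)(m.group()):
                hits.append((name, m.start(), m.end()))
    return hits

def gap(a, b):
    # Characters separating two (name, start, end) spans; 0 if they overlap.
    return max(a[1] - b[2], b[1] - a[2], 0)

def hipaa_narrow_matches(text):
    primary, secondary = find(PRIMARY, text), find(SECONDARY, text)
    return [(p[0], s[0]) for p in primary for s in secondary if gap(p, s) <= WINDOW]

# Constructed sample text, not real patient data.
SAMPLE = "Patient SSN 123-45-6789, dx E11.9, provider NPI 1234567893."
if __name__ == "__main__":
    print(hipaa_narrow_matches(SAMPLE))
```

A supporting match with no primary identifier, or one farther away than the window, produces no result, which is what keeps the Narrow version from firing on documents that only mention diagnosis codes.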

Egnyte HIPAA Broad Version

Policy Criteria: To match the Broad Version, an object must contain one of the following:

1.  A match to a CMS Forms form along with any US Personally Identifiable Information (PII) or Personal Health Information (PHI), which includes:

  • Social Security Number (US)
  • Drivers License Number (US)
  • VISA Number (US)
  • Passport Number
  • Health Insurance Claim Number, and any other pattern added in the future for the US under the PII tag or PHI tag

2.  A match to at least one of the following within 200 characters of any US Personally Identifiable Information (PII) or Personal Health Information (PHI):

  • ICD-10 Codes
  • ICD-10 Ailments
  • ICD PCS Codes
  • ICD PCS Procedures
  • CPT Codes
  • CPT Procedures
  • National Provider Identifier (NPI) number
  • DEA Registration Number
  • Proprietary and generic names of drugs approved by the US FDA

GDPR: General Data Protection Regulation Policy

Egnyte GDPR Narrow Version

Policy Criteria: To match the Narrow Version, an object must contain at least one of the following:

  • Any Personally Identifiable Information (PII) of the EU, which includes:
    • EU countries Driver's License Number
    • EU countries National Identifiers Number, and any other pattern added in the future for the EU under the PII tag
    • Passport Number
  • Any Banking Information (PIFI) of the EU, which includes:
    • EU countries IBAN number
    • EU bank identifiers and bank account number
    • EU countries Single Euro Payments Area (SEPA) number
    • EU countries VAT number, and any other pattern added in the future for the EU under the PIFI tag
  • Any Personal Health Information (PHI) of the EU, which includes:
    • Personal Health Identifiers of supported EU countries, and any other pattern added in the future for the EU under the PHI tag

Egnyte GDPR Broad Version

Policy Criteria: To match the Broad Version, an object must contain Partially Personal Information (PPI), but only if a person's name is found within 200 characters of the matched content, which includes:

  • EU Postal Address
  • EU Telephone Number, and any other pattern added in the future for the EU under the PPI tag
  • Email Address
  • Date of Birth
  • IP Address
  • WebLog
  • Any Personally Identifiable Information (PII) of the EU, which includes:
    • EU countries Driver's License Number
    • EU countries National Identifiers Number, and any other pattern added in the future for the EU under the PII tag
    • Passport Number
  • Any Banking Information (PIFI) of the EU, which includes:
    • EU countries IBAN number
    • EU bank identifiers and bank account number
    • EU countries Single Euro Payments Area (SEPA) number
    • EU countries VAT number, and any other pattern added in the future for the EU under the PIFI tag
  • Any Personal Health Information (PHI) of the EU, which includes:
    • Personal Health Identifiers of supported EU countries, and any other pattern added in the future for the EU under the PHI tag

CCPA: California Consumer Privacy Act Policy 

Egnyte CCPA Narrow Version 

To match the Narrow Version, an object must contain the following: 

1.  A match to any of the following patterns, only if a person's name is found within 200 characters of the matched content:

  • Social Security Number 
  • Drivers License Number (US) 
  • VISA Number (US) 
  • MagStripe track 
  • Credit/debit card number 
  • Bank account number (US) 
  • Health Insurance Claim Number (US)

Egnyte CCPA Broad Version

Policy criteria: To match the Broad Version, an object must contain at least one of the following:

1.  A match to any of the following patterns, only if a person's name is found within 200 characters of the matched content:

  • Social Security Number 
  • Drivers License Number (US) 
  • VISA Number (US) 
  • MagStripe track 
  • Credit/debit card number 
  • Bank account number (US) 
  • Health Insurance Claim Number (US)

2.  A match to any of the following patterns only if a privacy policy keyword is found within 200 characters of the matched content: 

  • Email address

GLBA: Gramm-Leach-Bliley Financial Modernization Act Policy

Egnyte GLBA Narrow Version 

To match the Narrow Version, an object must contain the following:

  • Social Security Number (US) 
  • In addition to SSN, a match to at least one of the following:
    • Registered Investment Advisors (RIAs) 
    • US Bank names 
    • Bank account number (US) 
    • Credit/debit card number 
    • MagStripe Track 

Egnyte GLBA Broad Version 

Policy criteria: To match the Broad Version, an object must match any US Personally Identifiable Information (PII), which includes:

  • Social Security Number (US)
  • Drivers License Number (US)
  • VISA Number (US)
  • Any other pattern added in the future for the US under the PII tag
  • Passport Number

In addition to the above, a match to at least one of the following:

  • Registered Investment Advisors (RIAs) 
  • US Bank names 
  • Bank account number (US) 
  • Credit/debit card number 
  • MagStripe Track 
  • At least two Personal Finance terms

PCI-DSS: Payment Card Industry Data Security Standard Policy 

Policy criteria: To match the PCI-DSS Policy, an object must contain Payment Information, which includes any of the following:

  • Credit/Debit Card Number 
  • MagStripe Track

SOX: Sarbanes-Oxley Act Policy 

Policy criteria: To match the SOX Policy, an object must contain at least one of the following:

  • Corporate Information of US and the Securities and Exchange Commission (SEC) Fair Disclosure forms. Corporate Information includes:
    • IRS Employer Identification Number (US) 
    • National Provider Identifier (NPI) number (US) 
    • DEA Registration Number 
    • IRS Employer Identification Number of US with at least five unique terms from Common Financial Statement Terms 
    • At least ten unique Common Financial Statement Terms

ITAR: International Traffic in Arms Regulations 

Policy criteria: To match the ITAR policy, an object must contain a match to at least one of the following:

  • US Munitions which consists of 19 different lists of munitions keywords 
  • AECA Debarred Parties List
  • Export Control and Distribution Statement List