Egnyte Protect offers several built-in classification policies aimed at compliance with data security standards in a number of regional jurisdictions. The built-in policies currently included in Egnyte Protect are:
Payment Card Industry Data Security Standard (PCI-DSS)
Detects credit and debit card numbers, as well as card MagStripe track data. This policy helps you comply with the global PCI-DSS information security standard, which is applicable if you handle credit card information for cards issued by any of the major providers such as Visa, MasterCard, American Express and Diners Club.
Gramm-Leach-Bliley Financial Modernization Act (GLBA)
Detects personal financial information of US individuals collected for the purpose of providing financial services. This policy helps you comply with the Safeguards Rule section of the Financial Modernization Act of 1999, a US federal law that controls the ways that financial institutions such as banks, investment advisors, mortgage lenders and real estate service providers deal with the private information of individuals.
Health Insurance Portability and Accountability Act (HIPAA)
Detects personal, medical and health information of US individuals collected by covered healthcare entities such as hospitals, health insurance carriers and their business associates. This policy helps you comply with the HIPAA Act of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, which address the privacy and security concerns associated with the electronic transmission of personal health information.
Sarbanes-Oxley Act (SOX)
Detects corporate financial information and financial disclosure reports to the US Securities and Exchange Commission. This policy helps you comply with Sections 302 and 404 of the Sarbanes-Oxley Act of 2002, which regulate the storage and protection of financial information by public companies.
Fair Credit Reporting Act (FCRA)
Detects consumer credit information collected and reported by the three major credit reporting bureaus: Experian, TransUnion and Equifax. This policy helps you comply with the Fair Credit Reporting Act, which regulates consumer reporting agencies, users of consumer reports and furnishers of consumer information.
Data Protection Act (DPA)
Detects personal information of United Kingdom individuals. This policy helps you comply with the Data Protection Act of 1998, which protects the personal data of UK individuals. The policy detects national identifiers such as the National Insurance Number (NINO), UK bank account numbers and personal health identifiers such as the National Health Service (NHS) number.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Detects personal information of Canadian individuals. This policy helps you comply with the Personal Information Protection and Electronic Documents Act, which sets out the ground rules for how Canadian businesses must handle personal information of individuals in the course of commercial activity. The policy detects national identifiers such as the Social Insurance Number, provincial driver’s license numbers, MICR numbers/SWIFT codes and bank account numbers, as well as provincial health identifiers such as Personal Health Numbers.
General Data Protection Regulation (GDPR)
Detects personal information of European Union citizens. This policy helps you comply with the new General Data Protection Regulation that comes into effect in the European Union on May 25, 2018. The regulation harmonizes data privacy laws across Europe and mandates the protection of personal data of EU citizens collected by organizations. With the new extra-territorial applicability clause, you’ll need to comply with GDPR if you collect or process any EU citizen’s personal data, regardless of your geographical location. The policy detects the national identifiers, personal health identifiers and banking information of the citizens of all 27 European Union countries.