Egnyte Protect offers several built-in classification policies that are targeted towards compliance with data security standards in several regional jurisdictions. The built-in policies currently included in Egnyte Protect are:
Payment Card Industry Data Security Standard (PCI-DSS)
Detects credit and debit card numbers, as well as card MagStripe track data. This policy helps you comply with the global PCI-DSS information security standard, which is applicable if you handle credit card information for cards issued by any of the major providers such as Visa, MasterCard, American Express and Diners Club.
California Consumer Privacy Act (CCPA)
Detects the personal information of California residents collected by businesses and organizations. This policy helps you comply with the California Consumer Privacy Act, applicable to any business that collects consumers' personal information, does business in California, and meets any of the following criteria: a) has annual gross revenues in excess of $25 million; b) possesses the personal information of 50,000 or more consumers, households, or devices; or c) earns more than half of its annual revenue from selling consumers' personal information.
Gramm-Leach-Bliley Financial Modernization Act (GLBA)
Detects personal financial information of US individuals collected for the purpose of providing financial services. This policy helps you comply with the Safeguards Rule section of the Financial Modernization Act of 1999, a US federal law that controls the ways that financial institutions such as banks, investment advisors, mortgage lenders and real estate service providers deal with the private information of individuals.
Data Protection Act (DPA)
Detects personal information of United Kingdom individuals. This policy helps you comply with the Data Protection Act of 1998, which protects the personal data of UK individuals. The policy detects national identifiers such as the National Insurance Number (NINO), UK bank account numbers and personal health identifiers such as the National Health Service (NHS) number.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Detects personal information of Canadian individuals. This policy helps you comply with the Personal Information Protection and Electronic Documents Act, which sets out the ground rules for how Canadian businesses must handle personal information of individuals in the course of commercial activity. The policy detects national identifiers such as the Social Insurance Number, provincial driver’s license numbers, MICR numbers/SWIFT codes and bank account numbers, as well as provincial health identifiers such as Personal Health Numbers.
General Data Protection Regulation (GDPR)
Detects personal information of European Union citizens. This policy helps you comply with the new General Data Protection Regulation that comes into effect in the European Union on May 25, 2018. The regulation harmonizes data privacy laws across Europe and mandates the protection of personal data of EU citizens collected by organizations. With the new extra-territorial applicability clause, you’ll need to comply with GDPR if you collect or process any EU citizen’s personal data, regardless of your geographical location. The policy detects the national identifiers, personal health identifiers and banking information of the citizens of all the 27 European Union countries.
Sarbanes-Oxley Act (SOX)
Detects corporate financial information and financial disclosure reports to the US Securities and Exchange Commission. This policy helps you comply with Sections 302 and 404 of the Sarbanes-Oxley Act of 2002, which regulate the storage and protection of financial information by public companies.
Health Insurance Portability and Accountability Act (HIPAA)
Detects personal, medical and health information of US individuals collected by covered healthcare entities such as hospitals, health insurance carriers and their business associates. This policy helps you comply with the HIPAA Act of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, which address the privacy and security concerns associated with the electronic transmission of personal health information.
Fair Credit Reporting Act (FCRA)
Detects consumer credit information collected and reported by the three major credit reporting bureaus - Experian, TransUnion and Equifax. This policy helps you comply with the Fair Credit Reporting Act that regulates consumer reporting agencies, users of consumer reports and furnishers of consumer information.
International Traffic in Arms Regulations (ITAR)
Detects defense- and military-related articles, services and technologies listed in the U.S. Munitions List. This policy helps you comply with the Arms Export Control Act provisions that are implemented in the ITAR regulation and enforced by the Department of State Directorate of Defense Trade Controls.
Australian Privacy Act (APA)
Detects personal information collected by Australian government agencies, private sector organizations and private health service providers. This policy helps you comply with the Australian Privacy Principles outlined in the Privacy Act, which protect the personal data of Australian individuals. The policy detects personal identifiers such as the Tax File Number, Australian bank account number and personal health identifiers such as the Medicare Number.
New Zealand Privacy Act (NZPA)
Detects personal information of New Zealand individuals. This policy helps you comply with the Privacy Act of 1993, which protects the information privacy of New Zealand persons. The policy detects personal identifiers such as the IRD Number, New Zealand bank account number and personal health identifiers such as the NHI Number.