Address Compliance

Addressing compliance and the appropriate handling of compliance-related privacy data, such as Social Security numbers, credit card numbers, personally identifiable information, and financial data, is critical for maintaining a strong public reputation, protecting corporate brand identity, and minimizing financial risk.

Organizations facing compliance with government or industry regulation need an end-to-end information protection solution to help ensure compliance with these regulations, including:

• HIPAA – Health Insurance Portability and Accountability Act
• SOX – Sarbanes-Oxley
• GLBA – Gramm-Leach Bliley Act
• PCI DSS – Payment Card Industry Data Security Standard
• … and many others

The need for protecting compliance-related privacy data is clear, as risks can evolve from a variety of sources, including:

• A malicious insider - employee sharing information that shouldn’t be shared
• Corporate espionage - someone placed inside the organization for the sole purpose of extracting valuable information
• Broken business process - information going to a party that shouldn’t be receiving it—or receiving it through the channel that is being used
• Misconfigured IT systems or security- miniscule oversights in security, such as lack of encryption, can result in costly fines from regulatory organizations
• End-user error - an employee accidentally disclosing data unknowingly to an unapproved recipient or through an unapproved channel

Traditional solutions focus on a single channel of communication, such as email or instant messaging, for monitoring compliance-related privacy data that might be leaving the network. They often overlook the total universe of network ports and protocols that could be vulnerability points for an information leak. Other solutions strictly use keyword or other matching techniques to filter traffic, which leads to poor catch-rates and high false-positives. Furthermore, most solutions do not store historical data, making it impossible to trace and investigate events leading up to a data breach.

Reconnex provides a powerful end-to-end solution for information protection that helps ensure that compliance-related privacy data is protected—whether it is in motion, at rest, or in use. Reconnex has developed a high-performance, appliance-based information protection system that intelligently monitors, classifies, and captures all information on the network—regardless of protocol or port—to provide customers with real-time and historical protection over information risks.

For addressing privacy and sensitive record information, Reconnex allows customers to monitor for privacy data across all content types and communication channels. Complex analysis & matching techniques take into account relevant content, location in the body of content, meta-data, repetition, and other variables, which provide the industry’s highest quality in terms of accuracy. To protect sensitive record repositories on the network, Reconnex’s document biometrics tag these known content risks and monitor for these records leaving the network, including filtering and blocking modifications of source content such as a single column exported from an Excel file containing Social Security numbers.  Reconnex uniquely provides a powerful case management framework that allows multiple stakeholders from different teams—including compliance, legal, and information security—to interact with one another to resolve compliance or privacy-related incidents in a streamlined manner.