Regulatory Compliance


There are many regulations and laws that govern how data is handled, stored and transmitted. Some of the most well-known are GDPR, HIPAA, and CCPA. These regulations are designed to protect the privacy and security of personal data.

Xecrets Ez and Xecrets Cli are designed to help you comply with these regulations. They provide strong encryption to protect your own and your customers', clients' and patients' data from unauthorized access.

While it's not possible to state that any software is "compliant" with a regulation, it is possible to state that the software can be used to help achieve compliance.

Below we'll list some of the ways that strong encryption of data at rest may assist your organization in complying with relevant regulations.

GDPR

The General Data Protection Regulation is the legal framework that sets guidelines for the collection and processing of personal information from individuals who live in and outside of the European Union (EU).

Xecrets Ez and Xecrets Cli may, for example, assist with compliance in the following areas.

  • Protecting stored personal data (Article 32: Security of Processing)
  • Ensuring secure data processing by design (Article 25: Data Protection by Design and by Default)
  • Minimizing breach notification obligations (Article 34: Breach Notification)
  • Supporting secure data retention and deletion practices (Article 5 and Article 17)
  • Reducing risks identified in DPIAs (Article 35: Data Protection Impact Assessment)
  • Limiting unauthorized access to personal data (Article 7: Access Control, Data Minimization)

Encryption of data at rest ensures that even if systems are breached or data is improperly accessed, the stored data remains protected and unreadable. This helps with compliance and may also reduce the need for breach notifications.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes United States federal standards protecting sensitive health information from disclosure without a patient's consent.

Xecrets Ez and Xecrets Cli may, for example, assist with compliance in the following areas.

  • Securing ePHI in storage (Technical Safeguards, Access Control, Integrity)
  • Minimizing breach notification obligations (Breach Notification Rule, Safe Harbor)
  • Protecting ePHI on portable devices and during disposal (Physical Safeguards, Media Controls)
  • Reducing risks through secure data storage (Risk Management and Contingency Planning)
  • Ensuring access control and auditability (Technical Safeguards, Access Control, Audit Controls)

By encrypting ePHI at rest, organizations significantly reduce the risk of unauthorized access to sensitive health data, ensuring compliance with HIPAA’s requirements for data protection and security.

CCPA

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California.

Xecrets Ez and Xecrets Cli may, for example, assist with compliance in the following areas.

  • Mitigating breach liability, protecting against consumer lawsuits by preventing unauthorized access to readable data in case of a breach. (Article 1798.150 - Consumer’s Private Right of Action)
  • Supporting security standards, helping satisfy CCPA’s requirement for reasonable security practices that safeguard consumer information against unauthorized access. (Article 1798.81.5 - Reasonable Security Procedures and Practices)
  • Facilitating de-identification, protecting personal data by making it inaccessible without the decryption keys. (Article 1798.140 - Definitions Relevant to Personal Information and De-identification)
  • Aiding in secure deletion, rendering data inaccessible through key destruction or secure deletion. (Article 1798.105 - Right to Deletion)
  • Increasing transparency, providing evidence of data protection in line with CCPA’s transparency requirements for data handling practices. (Article 1798.100 - Right to Know About Personal Data Collected)
  • Protecting against unauthorized data sale, helping control access to data and supporting compliance with consumer opt-out requests to prevent unauthorized data sales. (Article 1798.120 - Right to Opt-Out of Sale of Personal Data)

By encrypting files, organizations can protect sensitive information from unauthorized access, thereby helping to comply with CCPA's requirements for data protection and security.