Differences

This shows you the differences between two versions of the page.

compliance [2018_06_15 23:28] stevencompliance [2020_10_30 15:05] – [Auditing & Family Education Rights & Privacy Act (FERPA)] jim
Line 1: Line 1:
-====== Compliance ======+====== Compliance Standards ======
  
 ===== GDPR ===== ===== GDPR =====
Line 32: Line 32:
  
 Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https://storagemadeeasy.com/privacy). Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https://storagemadeeasy.com/privacy).
 +
 +==== CCPA ====
 +
 +[[http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180AB375|AB-375]], California’s new privacy law came into effect on January 1st 2020. The CCPA allows anyone who resides in the state to access and obtain copies of data that companies may store on/about them with the right to delete the data as well as opting out of companies selling or monetizing their data.
 +
 +Companies are required to comply with the CCPA if they comply with any of the following:
 +
 +
 +(i) They have gross revenues over $25M
 +
 +(ii) They are a for-profit company that does business in California and collect the information of more than 50,000 consumers, devices or households.
 +
 +(iii) 50% of their income is derived from selling personal information.
 +
 +Unlike the GDPR the CCPA doesn’t require companies to go through steps such as data collection consent, having a valid reason to collect user information, or requires companies to minimize data collected, although this may occur in future revisions.
 +
 +The File Fabric provides functionality that helps in satisfying CCPA requirements such as providing a mechanism to understand ‘who’ is accessing data, ‘when’, and ‘how’ through a combination of the File Fabric's Audit event logs and Policies.
 +
 +Additionally when connected to the File Fabric data content is indexed so that it can be checked for PII / PHI which can then be flagged and quarantined until it can be dealt with. 
 +
 +
 +
  
 ===== Encryption (FIPS) ===== ===== Encryption (FIPS) =====
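Review bot: In the added CCPA applicability list, the "for-profit company that does business in California" qualifier appears only in item (ii), so items (i) and (iii) read as applying to any company anywhere; if the qualifier is meant to cover all three thresholds, move it into the lead sentence. That lead sentence also says companies must comply "if they comply with any of the following", where "if they meet any of the following" is what is meant. The new heading is `==== CCPA ====` while GDPR and Encryption (FIPS) use five `=`, which nests CCPA under GDPR in the page outline; use the same level if it is intended as a peer section. The sentence beginning "Unlike the GDPR" also breaks its parallel structure at "or requires companies to minimize" and should read "or minimizing the data collected".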
Line 41: Line 63:
 ===== Government ===== ===== Government =====
  
-The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https://www.digitalmarketplace.service.gov.uk/g-cloud/services/821523275015502). The solution is available as Cloud Software (SaaS) and hosted on UKCloud Primary Storage and Computing as a Service infrastructure.+The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https://www.digitalmarketplace.service.gov.uk/g-cloud/services/251427856082223). The solution is available as Cloud Software (SaaS) and hosted on UKCloud Primary Storage and Computing as a Service infrastructure.
  
 [UKCloud](https://ukcloud.com) are National Cyber Security Centre Accredited and are Home Office/PASF assured facilities and data centres for "Blue Light" services. They also have HSCIC/NHS Digital N3 Aggregator status. UKCloud are also ISO 9001, ISO 2000, ISO 27001,   ISO 27017, ISO 27018 accredited. [UKCloud](https://ukcloud.com) are National Cyber Security Centre Accredited and are Home Office/PASF assured facilities and data centres for "Blue Light" services. They also have HSCIC/NHS Digital N3 Aggregator status. UKCloud are also ISO 9001, ISO 2000, ISO 27001,   ISO 27017, ISO 27018 accredited.
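Review bot: "had been approved" in the changed Government paragraph reads as though the approval no longer holds; since this revision updates the Digital Marketplace service link, the listing is presumably current and "has been approved" is the accurate tense. The unchanged context line below lists "ISO 2000" among UKCloud's accreditations, which is worth checking against the certificate while this paragraph is being touched.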
Line 78: Line 100:
 This information is not intended to constitute legal advice.   You are advised to seek the advice of counsel regarding compliance with HIPAA or refer to the HIPAA section of the U.S. Department of Health and Human Services' website, which can be found at: [http://www.hhs.gov/ocr/hipaa/](http://www.hhs.gov/ocr/hipaa) This information is not intended to constitute legal advice.   You are advised to seek the advice of counsel regarding compliance with HIPAA or refer to the HIPAA section of the U.S. Department of Health and Human Services' website, which can be found at: [http://www.hhs.gov/ocr/hipaa/](http://www.hhs.gov/ocr/hipaa)
  
 +[[https://storagemadeeasy.com/files/beaf6033b72e3a7540e2f11839d01bb7.pdf|Download]] HIPAA Statement
 +
 +===== Auditing & Family Education Rights & Privacy Act (FERPA) =====
 +
 +FERPA is the federal privacy law for educational institutions and has regulatory compliance requirements for student educational records. 
 +
 +The File Fabric's detailed audit event logs and access polices can be used to help track 'who' had access to data , 'when', and 'why'.
 +
 +Note that FERPA compliance regulations specifically prohibit educational institutions from disclosing "personally identifiable education information" without a student's written permission.
 +
 +### Also See
  
 +[[useraccesspolicies|User Access Policies]] \\ 
 +[[security|Security Framework]]
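Review bot: The added FERPA paragraph says the audit event logs and policies track 'who', 'when', and 'why', while the CCPA section added in this same revision describes them as showing 'who', 'when', and 'how'; use one description, and keep 'why' only if the audit events actually record a reason for access. In the same sentence "access polices" should be "access policies" and there is a stray space before the comma in "data ,". The `### Also See` heading is Markdown-style where every other heading on the page uses `=====` markup, and the new links use `[[target|label]]` while the unchanged paragraphs use `[label](url)`; settle on one syntax so the page renders consistently.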