Differences
This shows you the differences between two versions of the page.
compliance [2020_10_30 15:05] – [Auditing & Family Education Rights & Privacy Act (FERPA)] jim | compliance [2024_03_19 18:08] – steven | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== GDPR ===== | ===== GDPR ===== | ||
- | Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). | + | Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). |
- | + | ||
- | For more information on the Compliance features of the File Fabric please see our [GDPR whitepapers.](https:// | + | |
The GDPR, which became active May 25, 2018, gives individuals (data subjects) in the European Union more control (rights) over how their personal data is used, and places obligations on businesses that process that data. The GDPR calls businesses that determine what and how personal data is processed ‘data controllers’. Businesses that handle personal data only under the direction of a data controller are called ‘data processors’. Data controllers and data processors each have different obligations under GDPR. | The GDPR, which became active May 25, 2018, gives individuals (data subjects) in the European Union more control (rights) over how their personal data is used, and places obligations on businesses that process that data. The GDPR calls businesses that determine what and how personal data is processed ‘data controllers’. Businesses that handle personal data only under the direction of a data controller are called ‘data processors’. Data controllers and data processors each have different obligations under GDPR. | ||
- | In different scenarios, with different categories of data, Storage Made Easy and our customers may play roles either as a data controller or data processor. | + | In different scenarios, with different categories of data, Access Anywhere |
- | ==== Software (Enterprise File Fabric) ==== | + | ==== Software (Access Anywhere) ==== |
- | Organizations who run the Enterprise File Fabric | + | Organizations who run Access Anywhere |
For information on how our software supports data controllers see [[gdpr-compliance]]. | For information on how our software supports data controllers see [[gdpr-compliance]]. | ||
- | |||
- | ==== Online Services (SaaS) ==== | ||
- | |||
- | Individuals can create accounts through our online File Fabric service, located in the US and EU. Under GDPR, Storage Made Easy is a data controller for the personal data entered by those individuals in creating and managing the account. However, for additional personal data entered by the account owner, including the credentials of their storage providers, content uploaded through the service, and for business accounts, member names and email addresses, the account owner is the data controller and Storage Made Easy is a data processor working under their direction. | ||
- | |||
- | For information on Storage Made Easy’s responsibilities as a data controller, see our [Privacy Policy](https:// | ||
- | |||
- | ==== Managed Services (IaaS) ==== | ||
- | |||
- | Storage Made Easy manages dedicated instances of our Enterprise File Fabric platform for our customers on a number of different public and private clouds including [Linode](https:// | ||
- | |||
- | Information for data controllers can be found at [[gdpr-compliance]]. Storage Made Easy’s responsibilities as a data processor are outlined in our [Data Processing Agreement](https:// | ||
- | |||
- | ==== Marketing, Sales and Support ==== | ||
- | |||
- | Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https:// | ||
==== CCPA ==== | ==== CCPA ==== | ||
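Review bot: The removed "Online Services (SaaS)", "Managed Services (IaaS)" and "Marketing, Sales and Support" subsections were the text in this section that said in which case the vendor acts as data controller and in which as data processor, and they carried the links to the Privacy Policy and the Data Processing Agreement. The sentence kept at "In different scenarios, with different categories of data, ..." still opens by saying the role depends on the scenario, so after this revision the reader is told that roles vary but not how. Either state the role for each deployment model that remains, with a pointer to the current Data Processing Agreement, or drop the "different scenarios" sentence if only the self-hosted software case is left.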
Line 48: | Line 30: | ||
Unlike the GDPR the CCPA doesn’t require companies to go through steps such as data collection consent, having a valid reason to collect user information, | Unlike the GDPR the CCPA doesn’t require companies to go through steps such as data collection consent, having a valid reason to collect user information, | ||
- | The File Fabric | + | The Access Anywhere |
- | + | ||
- | Additionally when connected to the File Fabric data content is indexed so that it can be checked for PII / PHI which can then be flagged and quarantined until it can be dealt with. | + | |
+ | Additionally when connected to Access Anywhere data content is indexed so that it can be checked for PII / PHI which can then be flagged and quarantined until it can be dealt with. | ||
===== Encryption (FIPS) ===== | ===== Encryption (FIPS) ===== | ||
- | The Enterprise File Fabric | + | Access Anywhere |
- | + | The validation registration is [No. 4854](https:// | |
- | For more information see [File Encryption](https:// | + | |
- | + | ||
- | ===== Government ===== | + | |
- | + | ||
- | The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https:// | + | |
- | + | ||
- | [UKCloud](https:// | + | |
- | For more information see [Secure Unified File Sharing and Collaboration for UK Government Cloud](https:// | + | For more information see [[cloudencryption]]. |
===== Healthcare ===== | ===== Healthcare ===== | ||
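Review bot: The product rename at "+ | The Access Anywhere" and at "+ | Additionally when connected to Access Anywhere data content is indexed" was applied as a plain substitution, which leaves a stray article before the product name and a sentence that is hard to parse. Suggest dropping "The" and punctuating the second line as "Additionally, when connected to Access Anywhere, data content is indexed ...". The new "The validation registration is [No. 4854](https://" line also uses Markdown link syntax, while the same revision switches the "For more information see" link to the wiki form "[[cloudencryption]]"; use one link style throughout.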
Line 80: | Line 53: | ||
* | * | ||
- | Ways in which the Storage Made Easy Cloud Appliance satisfies HIPAA: | + | Ways in which the Access Anywhere |
**Data Access**: | **Data Access**: | ||
Line 86: | Line 59: | ||
“Allow access only to those persons or software programs that have been granted access right.†(Section 164.312(a)(2)(1)) | “Allow access only to those persons or software programs that have been granted access right.†(Section 164.312(a)(2)(1)) | ||
- | **Remote / Offsite Access to data**: | + | **Remote / Offsite Access to data**: |
”Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.†(HIPAA, Section 164.308(a)(7)(i)). | ”Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.†(HIPAA, Section 164.308(a)(7)(i)). | ||
- | **Physical Security of Data**: Storage Made Easy supports over 55 clouds. Our [Cloud Appliance](https:// | + | **Event Logging**: |
- | + | ||
- | **Event Logging**: | + | |
- | **Encryption**: | + | **Encryption**: |
**Disclaimer** | **Disclaimer** | ||
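Review bot: The HIPAA quotations on the unchanged lines ending "(Section 164.312(a)(2)(1))" and "(HIPAA, Section 164.308(a)(7)(i))" still end in the mis-encoded sequence "â€" where a closing quotation mark belongs, and the second quotation opens with a closing mark (”). Since this revision edits the items around them, fix the quotation marks in the same pass. The two citations are also formatted differently ("(2)(1)" against "(7)(i)"), so check the first against the regulation text. The "Physical Security of Data" item is removed without a replacement; confirm that this is intended and not a side effect of removing the Cloud Appliance link.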
Line 106: | Line 77: | ||
FERPA is the federal privacy law for educational institutions and has regulatory compliance requirements for student educational records. | FERPA is the federal privacy law for educational institutions and has regulatory compliance requirements for student educational records. | ||
- | The File Fabric's detailed audit event logs and access polices can be used to help track ' | + | The Access Anywhere's detailed audit event logs and access polices can be used to help track ' |
Note that FERPA compliance regulations specifically prohibit educational institutions from disclosing " | Note that FERPA compliance regulations specifically prohibit educational institutions from disclosing " | ||
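Review bot: The added line "+ | The Access Anywhere's detailed audit event logs and access polices" carries the typo "polices" over from the old revision and, after the rename, reads "The Access Anywhere's". Suggest "Access Anywhere's detailed audit event logs and access policies can be used ...".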
Line 112: | Line 83: | ||
### Also See | ### Also See | ||
- | [[useraccesspolicies|User Access Policies]] \\ | + | [[cloudappliance: |
[[security|Security Framework]] | [[security|Security Framework]] |
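Review bot: The unchanged heading "### Also See" uses Markdown syntax, while the other headings shown in this diff use the wiki's "=====" form (for example "===== GDPR ====="). Change it to that form so it renders at the intended level. The replaced link on the "+" side now begins with a "cloudappliance:" namespace, so confirm that the target page exists under that namespace.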