
Cloud Privacy and Compliance

Privacy Regulations and the Protection of Sensitive Data in the Cloud

Companies in highly regulated industries, such as financial services and healthcare, must comply with numerous regulations related to privacy and sensitive data, including PCI DSS, ITAR, SOX, GLBA, HIPAA and HITECH, and many others. These data compliance regulations offer specific guidance on handling personal information and cloud compliance for sensitive data, and companies are bound to ensure that their information security policies and IT systems comply with the guidelines. Blue Coat's solution can help organizations meet their regulatory standards while benefiting from the use of cloud applications. Examples of industry regulations that encompass information related to cloud privacy and compliance standards include:

PCI DSS (Payment Card Industry Data Security Standard)

PCI Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while the payment card brands enforce compliance in the cloud. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

ITAR (International Traffic in Arms Regulations)

Sector-specific data protection and security requirements exist in many countries. For example, in Defense and Manufacturing, many organizations need to comply with the U.S. ITAR (International Traffic in Arms Regulations). The ITAR regulate the export and temporary import of defense-related products, services, and technologies, including technical data related to the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles.

HIPAA & HITECH (Health Insurance Portability and Accountability Act & Health Information Technology for Economic and Clinical Health Act)

The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHI). Penalties and criminal enforcement of the HIPAA Security Rules were made stronger via several provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rules require healthcare organizations to adopt the appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.

CJIS (Criminal Justice Information System Database)

The FBI’s Criminal Justice Information System (CJIS) is responsible for providing many critical pieces of data that criminal justice organizations and contractors need to conduct business every day - including fingerprint records, sex offender registries and criminal histories. There are understandably strict regulations and standards for anyone accessing CJIS data and this applies to any cloud application provider or vendor providing products or services related to this data.

GLBA (Gramm-Leach-Bliley Act)

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to establish standards for protecting the security and confidentiality of their customers’ non-public personal information.
