Consumer data is a blessing to businesses for the value it brings in, but currently also is a significant burden to keep safe. Consumer privacy protection laws like GDPR and CCPA demand that businesses make the best effort to keep the data from falling into the wrong hands and impose a hefty fine when they fail.
The liability of having regulated data is a primary factor in determining cyber security insurance premiums, and for a good reason. The 2022 data breach study by IBM reveals that “Organizations with a high level of compliance failures (resulting in fines, penalties, and lawsuits) experienced an average cost of a data breach of $5.65 million, compared to $3.35 million at organizations with low levels of compliance failures, a difference of $2.3 million or 51.1%.”
UDS is designed from the beginning to ease the burden and keep the regulated data safe
Most businesses today won’t be able to provide an accurate count of the amount of regulated data they have and where they are, let alone how they are protected. Those shortcomings are partially due to the fact that files containing compliance data are created, deleted, and moved all the time and on many different devices in today’s digital economy; but also due to the lack of innovation in data security in the last several decades. Those facts highlight the challenges to keeping data safe and staying compliant with data privacy regulations.
UDS, an innovative unified data security solution, provides a simple solution to this complicated problem. It starts with letting businesses know accurately how much regulated data they have and where and when they are accessed. UDS permanently attaches a unique compliance tag to every file it protects so that UDS always knows how much regulated data are in the environment, who, where and when accessed it. This information provides a base for accurate assessment of liabilities, therefore, likely reducing the cyber insurance cost.
With UDS-DS, every regulated data is seamlessly protected by quantum-computing safe encryption end-to-end through the entire life cycle. Businesses can rest assured that their data is safe from cyber criminals. UDS-DS also provides a report of the access history for every regulated data to prove the point. All the privacy regulations, including GDPR, consider the encrypted data safe even if it may have been exfiltrated.
To further safeguard the compliant data, UDS-DS enhanced the intelligent access right management with extra layer of compliance access policy. The compliance access policies trump other access control mechanisms and the denies access by the compliance module is final and cannot be overridden to ensure only the users authorized to access compliance data can have a chance to access the regulated data, subject to other access right management processes.
Due to its extensive tracking capabilities – logging and auditing all changes and access attempts – UDS provides a report on the entire access history for all regulated data. This report can be used as a proof of compliance when a data breach is suspected.
In 2019, the FBI’s investigation records were among the three terabytes of confidential information exposed to the public by the Oklahoma Department of Securities. The incident highlights the inherited breach risk when transferring data outside the original owner. The European Union has ruled that it is the owner’s responsibility to hold third parties compliant with GDPR when transferring data, and the owner should remove the data anytime noncompliance is determined. Current technologies are not up to that task, which makes data transfer a significant barrier in today’s global digital economy and hampers cooperation among partners and US companies in particular due to lacking stronger data privacy laws.
The unique design of UDS ensures the same high level of protection even post-transfer with external domain access control, a UDS access management facility. Through the external domain access control, UDS can temporarily grant access to approved users in a different UDS domain, which can be either the third-party’s own UDS domain or the built-in companion domain, to enable the third-party users’ access. After protected files are transferred, approved users from the third party can access the files as long as permission remains. When the time comes to retract the access, the owner revokes access to the data from UDS, and the users at the third party will no longer be able to access the UDS files even if the files are still in their possession. This feature could significantly expand the number of potential data-sharing partners while still staying compliant with GDPR.
Secure data sharing becomes possible because UDS only grants access and never distributes passwords or keys.
Interested in learning more about how APF can help your organization’s data protection and cyber privacy needs?