There are data privacy mandates and standards around the globe for protecting personal information and notifying individuals affected by a data breach. Trustwave has deep experience in helping you establish best practices for managing personal information in complex environments with multiple compliance requirements.

$1 per record: cost to criminal to obtain personally identifiable information (PII)

12%: percentage of breaches focused on PII in corporate networks

42%: frequency of PII compromises in service provider environments

Overview

Trustwave offers deep experience and a proven methodology to help you address your data privacy compliance requirements. Trustwave delivers tailored services for common data privacy regulations around the globe as well as a standard process that can be applied to specific regional requirements as needed.

Benefits

    • A Structured Risk-based Approach

      Employs a risk governance framework and is informed by Trustwave’s compliance and security expertise

    • Automation When You Need it

      The award-winning TrustKeeper® management platform is a secure web-based portal that is the foundation for delivering centralized, integrated and on-demand management of PCI compliance and security programs.

    • Access to World-Class PCI Experts

      We've been working closely with the PCI Security Standards Council since its inception. Whether you are a large enterprise working with our industry-leading qualified security assessors (QSAs) or a small business completing your Self-Assessment Questionnaire, your experience will reflect the world-class expertise behind the process.

    • Security Portfolio Enables Compliance

      Trustwave helps you employ security best practices, which streamlines the process of achieving and maintaining compliance. The Trustwave suite of security products and managed services can help you protect critical assets and combat advancing threats, while addressing evolving mandates.

    • Full Suite of PCI Services

      In addition to being a Qualified Security Assessor Company, Trustwave is recognized by the PCI Security Standards Council as a qualified Payment Application Data Security Standard (PA-DSS) assessor, point-to-point encryption (P2PE) assessor, approved scanning vendor (ASV) and a PCI Forensic (PFI) investigator.

    • Supported by Industry-Leading Threat Intelligence

      We monitor billions of security events worldwide each day and produce unique threat intelligence that fuels our services. You also have the benefit of the Trustwave SpiderLabs elite team of ethical hackers, forensic investigators and security researchers helping businesses across the globe.

Consequences

  • Penalties vary from state to state in the U.S. and country to country throughout the world, with some laws not prescribing any sanctions. For those that do, the amounts often are based on either the number of people affected by the breach or on time delays in alerting victims. Penalties for violations typically range from a couple thousand dollars up to $750,000 per breach. For other data privacy laws, such as those that require companies to implement certain data protection standards, fines can reach as high as $50,000 per incident.

    In the European Union, for example, the data protection proposal would include penalties of up to 2 percent of an organization’s yearly global turnover.

    State attorneys general have become increasingly active in data privacy enforcement, with a number of notable settlements in the U.S. related to violations of state breach notification laws.

Solutions

  • Trustwave products and services help you discover and protect the sensitive information you are collecting, transmitting and retaining so you can avoid a data breach in the first place. Our deep portfolio also enables you to reduce the time, cost and complexity of responding to the various state and international data privacy mandates.

    Plan and Prepare

    Conducting a Risk Assessment is the first step to identifying and implementing safeguards necessary to meet compliance. Trustwave helps you find gaps that may exist between your current security posture and HIPAA requirements. The customizable assessments, scaled individually for covered entities and business associates, include identification of key assets and IT systems, assessment of controls and frameworks and a review of third-party providers and incident response programs.

    Fill the Gaps

    Data privacy regulations require companies to deploy technical controls to protect customer records and information, whether they are being collected, stored or transmitted. Here are some of the ways we can help:

  • Data Loss Prevention 

    Allows you to discover and classify sensitive data and prevent it from leaving the network.

    SIEM 

    Helps you gain visibility through detection, containment, prioritization and mitigation of events and threats.

    Security Awareness Education 

    Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including the safe use of web and social media tools and password management.

    Penetration Testing 

    Identifies and manages potential vulnerabilities in your networks, applications or databases.

    Digital Certificates 

    Trustwave combines its digital certificates offering with simplified management and a dedicated support team to meet your growing certificate needs.

  • Automate and Manage Compliance

    TrustKeeper Compliance Manager helps you to centrally automate and manage controls, policies and procedures across multiple compliance frameworks, including HIPAA. Compliance Manager is delivered through our cloud-based management portal TrustKeeper, which provides a real-time view into the status of your compliance and security programs and offers access to all of your managed services. Through one easy-to-use dashboard, you can submit support requests, see event history, run reports and manage your account at any time.
