Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > Privacy Regulations
Privacy Regulations
TRITON - Data Security Help | Data Security Solutions | Version 7.8
Data Security includes regulatory policies for numerous countries.
*
Australia
*
Canada
*
European Union
*
Hong Kong
*
Iceland
*
India
*
Israel
*
Japan
*
Malaysia
*
New Zealand
*
Norway
*
Russia
*
Singapore
*
South Africa
*
Switzerland
*
Taiwan
*
Thailand
*
Turkey
*
United States of America
Australia
Policies for promoting compliance with Australian Privacy regulations.
*
Australian Privacy Act (2012 Revision)
The Australian Federal Privacy Act mandates protection of private information and limits its storage, usage, and distribution. The policy detects private information of Australians. Each one of this policy's rules relates to different private information. Enable the rules you want to enforce. The rules for this policy are:
*
Australian Privacy Act: Medicare and Sensitive Disease or Drug
*
Australian Privacy Act: Medicare and Common Disease
*
Australian Privacy Act: Name and Driver License (starting with v7.8.3)
*
Australian Privacy Act: Name and TFN (starting with v7.8.3)
*
Australian Privacy Act: Name and Address (starting with v7.8.3)
*
Australian Privacy Act: TFN and Address (starting with v7.8.3)
*
Australian Privacy Act: ABN and Address (Default) (starting with v7.8.3)
*
Australian Privacy Act: ABN and Address (Wide) (starting with v7.8.3)
*
Australian Privacy Act: Name and Bank Account number (starting with v7.8.3)
*
Australian Privacy Act: DNA profile (starting with v7.8.3)
*
Australian Privacy Act: Name and Racial or Ethnic Origins (starting with v7.8.3)
*
Australian Privacy Act: Name and Crime (starting with v7.8.3)
*
Australian Privacy Act: Name and Sexual preference (starting with v7.8.3)
*
Australian Privacy Act: Credit file (Wide) (starting with v7.8.3)
*
Australian Privacy Act: Credit file (Default) (starting with v7.8.3)
*
Australian Privacy Act: Credit file (Narrow) (starting with v7.8.3)
*
Australian Privacy Act: Name and ABN (Default) (starting with v7.8.3)
*
Australian Privacy Act: Name and ABN (Wide) (starting with v7.8.3)
*
Australian Privacy Act: Australian Name and Sensitive Disease or drug (starting with v7.8.3)
*
Australian Privacy Act: Australian Name and Common Disease (starting with v7.8.3)
Canada
Policies for promoting compliance with Canadian Privacy regulations.
*
PIPEDA
The Personal Information Protection and Electronic Documents Act is a Canadian law governing how private sector organizations collect, use and disclose personal information in the course of commercial business. The policy detects Canadian Personally Identifiable Information (PII) like social insurance numbers or credit cards, either alone or in combination with sensitive private information like health conditions.
*
PIPEDA: Canadian Name and DL
*
PIPEDA: Canadian Name and Physical Information
*
PIPEDA: Canadian Name and Sensitive Disease
*
PIPEDA: Canadian Name with Government Issues ID Card Number w proximity
*
PIPEDA: Canadian Name with Indian Status Number w proximity
*
PIPEDA: Canadian Name with Permanent Resident Card Number w proximity
*
PIPEDA: Credit cards and Common Diseases
*
PIPEDA: Credit cards and Sensitive Disease or drug
*
PIPEDA: DOB with Address or SIN or Name
*
PIPEDA: SIN and Common Diseases
*
PIPEDA: SIN and Sensitive Disease or drug
*
PIPEDA: SIN with CCN
*
PIPEDA: SIN with proximity
*
PIPEDA: SIN and Address or DOB or Name (starting with v7.8.2)
European Union
Policies for promoting compliance with European Union Privacy regulations.
*
Denmark
*
Denmark Personal Information Protection Law
The Denmark Personal Information Protection Law (PIP) regulates the handling of personal information. The policy comprises rules for detection of CPR numbers and Danish bank account numbers. The rules for this policy are:
*
DPIP: CPR and Name - Wide
*
DPIP: CPR and Name - Default
*
DPIP: CPR and Name - Narrow
*
DPIP: CPR numbers (Wide)
*
DPIP: CPR numbers (narrow)
*
DPIP: CPR numbers (default)
*
DPIP: Credit Cards
*
DPIP: Bank Account number - Wide
*
DPIP: Bank Account number with terms
*
DPIP: Bank Account number with strict format - Narrow
*
Finland
*
Personal Data Act (523/1999)
Finland's Personal Data Act provides restrictions on the processing, storage and transmission of personal and sensitive information, including personal ID. Under the Law, personal information relating to identity may only be processed, stored and transmitted with the consent of the individual. Personal information cannot generally be transferred outside of Finland unless the country has 'comparable' protections. The policy comprises rules for detection of Finnish Social Security Numbers and DNA sequences. The rules for this policy are:
*
Finland Personal Data Act: Finnish SSN (Wide)
*
Finland Personal Data Act: Finnish SSN
*
Finland Personal Data Act: DNA Sequence
*
France
*
France BNR (Ordonnance 2011-1012)
A policy to promote compliance with the France Breach Notification Requirement (Ordonnance 2011-1012). According to this Ordinance, electronic communication service provider must inform, without delay, the French Data Protection Authority in case of any security breach. A data security breach is defined as any security breach that accidentally or unlawfully results in the destruction, loss, alteration, disclosure or unauthorized access to personal data that is being processed in the context of electronic communication services that are provided to the public. The rules for this policy are:
*
France BNR 2011-1012: CCN and Name
*
France BNR 2011-1012: INSEE numbers
*
France BNR 2011-1012: Name and Health
*
France BNR 2011-1012: INSEE and Health
*
France BNR 2011-1012: Name and INSEE
*
France Data Protection Law 2004-801
Policy for the French Law 2004-801, which implements the EU Directive 95 on privacy. The policy contains rules to detect combinations of French full names and INSEE numbers with sensitive private information like credit card number or health conditions. The rules for this policy are:
*
France Privacy: CCN and Name
*
France Privacy: INSEE numbers
*
France Privacy: Name and Health
*
France Privacy: INSEE and Health
*
France Privacy: Name and INSEE
*
Germany
*
Germany Federal Privacy Protection Act
Policy for the German Federal Privacy Protection Act, implementing the EU Directive 95 on privacy. The policy contains rules to detect combinations of German full names with sensitive private information like credit card number, ethnicity, and health conditions. the rules for this policy are:
*
Germany FPP: CCN and Name
*
Germany FPP: Ethnicity and Name
*
Germany FPP: Health and Name
*
Germany FPP: Crime and Name
*
Greece
*
Greece - Hellenic DPA of 1997
The Hellenic Data Protection Act of 1997 regulates the processing of personal data and therefore mandates the protection of private information. The policy detects Greek AFM (Αριθμός Φορολογικού Μητρώου) and ID numbers, alone or in proximity to a Greek names in Greek or Latin letters, and combinations of Greek names in proximity to sensitive medical information in Greek and English. The rules for this policy are:
*
Greece: AFM number (Default)
*
Greece: AFM number (Wide)
*
Greece: AFM number and Name (Default)
*
Greece: AFM number and Name (Wide)
*
Greece: ID and Name (Default)
*
Greece: ID and Name (Wide)
*
Greece: Sensitive Medical Information and Name (Default)
*
Greece: Sensitive Medical Information and Name (Wide)
*
Hungary
*
Hungarian Data Protection Laws
Act LXIII of 1992 on Protection of Personal Data and Disclosure of Data Public Interest mandates, among others, that personal data shall be protected against unauthorised access, transfer and public exposure. Data may only be processed, stored and transmitted with the consent of the individual. The Act sets out sanctions for violations. The policy comprises rules for detection of Hungarian Personal Numeric Code Numbers (szemelyi azonosito szam) Social Security Numbers (TAJ szam), Tax ID Numbers (Adoazonosito jel) and DNA information. The rules for this policy are:
*
Hungarian Data Protection Laws: Hungary Szemelyi Azonosito Szam (Wide)
*
Hungarian Data Protection Laws: Hungary Szemelyi Azonosito Szam (Default)
*
Hungarian Data Protection Laws: Hungary TAJ szam (Wide)
*
Hungarian Data Protection Laws: Hungary TAJ szam (Default)
*
Hungarian Data Protection Laws: Hungary Adoazonosito jel (Wide)
*
Hungarian Data Protection Laws: Hungary Adoazonosito jel (default)
*
Hungarian Data Protection Laws: DNA Sequence
*
Ireland
*
Ireland Data Protection Acts (DPA)
Ireland Data Protection Acts (DPA) of 1988 and 2003, and in particular, the Personal Data Security Breach Code of Practice set by Ireland Data Protection Commissioner (DPC), mandate protection of personal information and requires that, in case where there is a risk of unauthorized disclosure, loss, destruction or alteration of personal data, the data controller must give immediate consideration to informing those affected. The policy contains rules to detect Irish Personally Identifiable Information (PII) like Personal Public Service Numbers (PPS/RSI) or passport numbers, alone or in combination with credit card numbers. The rules for this policy are:
*
Ireland DPA: Irish PRSI/PPS Number and CCN
*
Ireland DPA: Irish Driver Number and CCN
*
Ireland DPA: Irish Passport Number and CCN
*
Ireland DPA: Irish Personal Public Service Number
*
Ireland DPA: Irish Driver Number
*
Ireland DPA: Irish Passport Number
*
Ireland DPA: Irish IBAN (default)
*
Ireland DPA: Irish IBAN (wide)
*
Ireland DPA: Irish Bank Account
*
Ireland DPA: Name and Sensitive Diseases
*
Italy
*
Italy Health Data Privacy Act
The Italy Health Data Privacy Act protects persons from violation of their right to privacy through the processing of personal data. The Act helps to ensure that personal data is processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensures that personal data is of adequate quality. The policy contains rules to detect combinations of Italy Personally Identifiable Information (PII) like Codice Fiscale and full name, with sensitive health information. The rules for this policy are:
*
Italy: Codice Fiscale
*
Italy: Name and Codice Fiscale
*
Italy: Name and health information
*
Italy: Codice Fiscale and health information
*
Netherlands
*
Netherlands Personal Data Protection Act
Policy to promote compliance with the Dutch Personal Data Protection Act, which implements the EU Directive 95 on privacy. The policy contains rules to detect combinations of Netherlands sofinummer and sensitive private information like account number, driver license number, passport number, ethnicity and health conditions. The rules for this policy are:
*
DUTCH PDP: Sofi and Ethnicities
*
DUTCH PDP: Sofi and Account with Password
*
DUTCH PDP: Sofi and CCN
*
DUTCH PDP: Sofi and Crime
*
DUTCH PDP: Sofi and Diseases
*
Dutch PDP: Dutch Bank Accounts with proximity
*
Dutch PDP: Dutch Bank Accounts
*
Dutch PDP: Driver License Numbers
*
Dutch PDP: Passport Numbers
*
Poland
*
Poland LPPD
The Law on the Protection of Personal Data (LPPD) is based on the European Union (EU) Data Protection Directive. Under the Law, personal information relating to identity may only be processed, stored and transmitted with the consent of the individual. Personal information cannot generally be transferred outside of Poland unless the country has 'comparable' protections. The law sets out civil and criminal sanctions for violations. The policy comprises rules for detection of Polish NIP numbers, PESEL numbers, Polish ID numbers, DNA information and Polish REGON numbers, alone or in proximity to a Polish name. The rules for this policy are:
*
Poland LPPD: DNA Sequence
*
Poland LPPD: LPPD: NIP and Name
*
Poland LPPD: LPPD: PESEL numbers
*
Poland LPPD: NIP numbers
*
Poland LPPD: NIP with proximity
*
Poland LPPD: PESEL and Name
*
Poland LPPD: PESEL with proximity
*
Poland LPPD: Polish ID and Name
*
Poland LPPD: Polish ID numbers
*
Poland LPPD: Polish ID with proximity
*
Poland LPPD: REGON and Name
*
Poland LPPD: REGON numbers
*
Poland LPPD: REGON with proximity
*
Spain
*
Spain Data Privacy Act
The Spanish Data Privacy Act implementing the EU Directive 95 on privacy. The policy contains rules to detect combinations of Spain National Identity Documents and sensitive private information like account numbers, ethnicity and health conditions. The rules for this policy are:
*
SPAIN DPA: DNI and Ethnicities
*
SPAIN DPA: DNI and Account with Password
*
SPAIN DPA: DNI and CCN
*
SPAIN DPA: DNI and Crime
*
SPAIN DPA: DNI and Diseases
*
Sweden
*
Sweden Personal Data Act of 1998
Sweden's Personal Data Act of 1998 was enacted to protect people against the violation of their personal integrity by processing of personal data. The act includes restrictions on the storage and transmission of personal data. The pre-defined policy comprises rules for detection of Swedish Personal Identity Number (personnummer) in traffic and DNA information. The rules for this policy are:
*
Sweden Personal Data Act: Swedish ID - wide
*
Sweden Personal Data Act: Swedish ID - default
*
Sweden Personal Data Act: DNA Sequence
*
Swedish Patient Data Act (SFS 2008:355 Patientdatalagen)
A policy to promote compliance with the Swedish Patient Data Act (Patientdatalag, SFS 2008:355) that mandates protection of protected health information (PHI) and Personally Identifiable Information (PII) of Swedish citizens and residents. The policy comprises rules for detection of health information or medical conditions (in Swedish or English), in proximity to personally identifiable information such as personnummer or name, and for detection of SPSS files and Database files. The rules for this policy are:
*
SFS 2008:355: DataBase Files
*
SFS 2008:355: DNA profile
*
SFS 2008:355: ICD10 Code and Description
*
SFS 2008:355: ICD10 Code and Name
*
SFS 2008:355: ICD10 Code and Name (Narrow)
*
SFS 2008:355: ICD10 Code and Name (Wide)
*
SFS 2008:355: ICD10 Code and Personal Number
*
SFS 2008:355: ICD10 Codes
*
SFS 2008:355: ICD10 Descriptions
*
SFS 2008:355: Name and health information
*
SFS 2008:355: Name and Personal Number
*
SFS 2008:355: Name and Sensitive Disease or drug
*
SFS 2008:355: Personal Number
*
SFS 2008:355: Personal Number and health information
*
SFS 2008:355: Personal Number and Sensitive Disease or drug
*
SFS 2008:355: SPSS Text files
*
UK
*
Information Governance Toolkit
Policy for compliancy with NHS "Information Governance Toolkit" (IG Toolkit). The rules for this policy are:
*
IG Toolkit: NHS Numbers (wide)
*
IG Toolkit: NHS Numbers (default)
*
IG Toolkit: NHS Numbers (narrow)
*
IG Toolkit: UK National Insurance Number and Name
*
IG Toolkit: UK Driver Number and Name
*
IG Toolkit: UK Driver Number and Name (Wide)
*
IG Toolkit: UK Passport Number and Name
*
IG Toolkit: UK Tax ID Number and Name
*
IG Toolkit: Name and Common Diseases
*
IG Toolkit: Names (Narrow) and Common Diseases
*
IG Toolkit: Name and Sensitive Disease or drug
*
IG Toolkit: Names (Narrow) and Sensitive Disease or drug
*
IG Toolkit: DNA profile (default)
*
IG Toolkit: DNA profile (narrow)
*
IG Toolkit: DOB and Name
*
IG Toolkit: NDC number - default
*
IG Toolkit: NDC number - narrow
*
IG Toolkit: ICD10 Codes
*
IG Toolkit: ICD10 Codes and US full names
*
IG Toolkit: ICD10 Descriptions and US full names
*
IG Toolkit: ICD9 Codes
*
IG Toolkit: ICD9 Codes and US full names
*
IG Toolkit: ICD9 Descriptions and US full names
*
UK DPA
The UK Data Protection Act 1998 provides provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. The policy contains rules to detect UK Personally Identifiable Information (PII) like National Insurance numbers, passport numbers, alone or in combination with credit card numbers. The rules for this policy are:
*
UK DPA: UK National Insurance Number and CCN
*
UK DPA: UK Driver Number and CCN
*
UK DPA: UK Driver Number and CCN (Wide)
*
UK DPA: UK Passport Number and CCN
*
UK DPA: UK Tax ID Number and CCN
*
UK DPA: UK National Insurance Number
*
UK DPA: UK Driver Number
*
UK DPA: UK Passport Number
*
UK DPA: UK Tax ID Number
*
UK DPA: NHS Numbers (wide)
*
UK DPA: NHS Numbers (narrow)
*
UK DPA: NHS Numbers (default)
*
EU Directive 9546EC
Directive 95/46/EC on the protection of personal data regulates the processing of personal data. The policy detects combinations of national identification numbers and credit card numbers prevalent in Europe. The rules for this policy are:
*
EU 95 46: Dutch Sofinummer and CCN
*
EU 95 46: French INSEE numbers and CCN
*
EU 95 46: Italian Codice Fiscale numbers and CCN
*
EU 95 46: Norway Personal Number and CCN
*
EU 95 46: Spanish DNI numbers and CCN
*
EU 95 46: Swiss new format AHV and CCN
*
EU 95 46: Swiss Old format AHV and CCN
*
EU 95 46: UK National Insurance Number and CCN
*
EU Finance
Policy for promoting regulatory compliance with the requirements of the Basel Committee on Banking Supervision. The policy contains rules to detect financial data like account numbers, passwords, or magnetic credit card tracks. Additional rules detect combinations of Personally Identifiable Information (PII) like credit cards and identification numbers. The rules for this policy are:
*
EU Finance: CCN: with National ID
*
EU Finance: CCN and PIN number
*
EU Finance: Suspected passwords
*
EU Finance: Credit Card Magnetic Strips
*
EU Finance: Password dissemination for Web traffic
*
EU Finance: 5-8 digit Account Numbers
*
EU Finance: 10 digit Account Numbers
*
EU Finance: 9 digit Account Numbers
Hong Kong
Policies for promoting compliance with Hong Kong Privacy regulations.
*
Hong Kong Personal Data Privacy Ordinance
The Hong Kong Personal Data Privacy Ordinance (PDPO) protects the privacy interests of living individuals in relation to personal data. The Ordinance covers any data relating directly or indirectly to a living individual from which it is practicable to ascertain the identity of the individual and which are in a form in which access or processing is practicable, including, for example, Hong Kong Identity Card Number, name and address. The rules for this policy are:
*
PDPO: Common Surname and Address (default)
*
PDPO: Common Surname and Address (narrow)
*
PDPO: Common Surname and Address (wide)
*
PDPO: Hong Kong ID - default pattern
*
PDPO: Hong Kong ID - wide
*
PDPO: Hong Kong ID (default pattern) and Common Address
*
PDPO: Hong Kong ID (default pattern) and Common Surname
*
PDPO: Hong Kong ID (default pattern) with Common Surname and Address
*
PDPO: Hong Kong ID (formal form) and Common Address
*
PDPO: Hong Kong ID (formal form) and Common Surname
*
PDPO: Hong Kong ID (formal form) with Common Surname and Address
*
PDPO: Hong Kong ID (wide) and Common Address
*
PDPO: Hong Kong ID (wide) and Common Surname
*
PDPO: Hong Kong ID (wide) and Common Surname and Address
*
PDPO: Hong Kong ID formal form
Iceland
Policies for promoting compliance with Iceland Privacy regulations.
*
Iceland Privacy Act
The Iceland Act on Protection of Individuals with regard to the Processing of Personal Information (law 77/2000) follows the EU Data Protection Directive and restricts the processing, storage and transmission of personal and sensitive information. The pre-defined policy comprises rules for detection of Iceland identification numbers (kennitala) and DNA profile. The rules for this policy are:
*
Iceland Privacy Act: Kennitala (default)
*
Iceland Privacy Act: Kennitala (wide)
*
Iceland Privacy Act: DNA Sequence
India
*
India IT Act
Policy for detecting sensitive personal information as defined by the India Information Technology Act. The rules for this policy include:
*
India IT Act: Suspected Passwords
*
India IT Act: CCN (Default)
*
India IT Act: CCN (Narrow)
*
India IT Act: Indian Name and Physical Information
*
India IT Act: Indian Name and Sensitive Disease or Drug
*
India IT Act: Indian Name and Common Diseases
*
India IT Act: Indian Name and Sexual Orientation
*
India IT Act: Indian Name and Biometric Information
*
India IT Act: Indian Name and Password
*
India IT Act: Password dissemination for Web traffic
Israel
Policies for promoting compliance with Israel Privacy regulations.
*
Israeli Health Care
Policy for detection of protected health information of Israeli citizens, to promote compliance with Israeli privacy rules and Israeli patients rights law of 1996.
*
Israel PHI: ID and Sensitive Medical info
*
Israel PHI: Name and Sensitive Medical info
*
Israel PHI: ID and General Medical info
*
Israel PHI: Name and General Medical info
Japan
Policies for promoting compliance with Japan Privacy regulations.
*
Japan PIP
The Japan Personal Information Protection Law (PIP) states a set of obligations for companies handling personal data. The law protects individuals by regulating the handling of information by private sector businesses. The policy contains rules to protect Japan PII (Personally Identifiable Information), either alone or with a credit card number. The rules for this policy are:
*
JPIP: CCN: All Credit Cards
*
JPIP: Account and CCN
*
JPIP: Telephone Numbers
*
JPIP: Surname and Account
*
JPIP: Surname and Driver License
*
JPIP: Surname and Pension Number
*
JPIP: Surname and Ledger Number
*
JPIP: E-mail Addresses
Malaysia
Policies for promoting compliance with Malaysia Privacy regulations.
*
Malaysia PDPA
The Malaysian Personal Data Protection Act of 2009 mandates, among others, that any person in Malaysia who collects or stores any personal data in respect of commercial transactions, should take practical steps to protect the personal data from any loss or unauthorized access or disclosure. Penalties for incompliance comprise fine not exceeding 250000 ringgit or imprisonment for a term not exceeding two years or to both. The policy comprises rules for detection of Malaysian personal information, such as Malaysian ID, alone or in combination with sensitive information such as sensitive health information, credit card numbers, account number, ethnicities and religion etc. Additional rules detect combinations of names with sensitive health information or passwords.
*
Malaysia PDPA: Malaysian ID
*
Malaysia PDPA: Malaysian ID and CCN
*
Malaysia PDPA: Malaysian ID and Account number
*
Malaysia PDPA: Malaysian ID and Ethnicities or Religion
*
Malaysia PDPA: Malaysian ID and Crime
*
Malaysia PDPA: Malaysian Name and sensitive health information
*
Malaysia PDPA: DNA Sequences
*
Malaysia PDPA: Malaysian Name and Password
New Zealand
Policies for promoting compliance with New Zealand Privacy regulations.
*
New-Zealand Privacy Act
New Zealand's Privacy Act of 1993 applies to almost every person, business or organization in New Zealand. The act sets out information privacy principles, which, among others, limit transmission and storage of personal data. The pre-defined policy comprises rules for detection and monitoring of NZ National Health Index (NHI) numbers and DNA information. The rules for this policy are:
*
New Zealand Privacy Act: NHI number (wide)
*
New Zealand Privacy Act: NHI number (default)
*
New Zealand Privacy Act: DNA Sequence
Norway
Policies for promoting compliance with Norway Privacy regulations.
*
Norway Health Data Privacy Act
The Norway Health Data Privacy Act protects persons from violation of their right to privacy through the processing of personal data. The Act helps to ensure that personal data is processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensures that personal data is of adequate quality. The policy contains rules to detect combinations of Norwegian Personally Identifiable Information (PII) like personnummer and full name, with sensitive health information.
*
Norway: Personal Number (Wide)
*
Norway: Personal Number
*
Norway: Personal Number (Narrow)
*
Norway: Name and Personal Number
*
Norway: Name and health information
*
Norway: Personal Number and health information
*
Norway: ICD10 Codes
*
Norway: ICD10 Code and Description
*
Norway: ICD10 Descriptions
*
Norway: ICD10 Code and First Name
*
Norway: ICD10 Code and Last Name
*
Norway: ICD10 Code and Full Name
*
Norway: ICD10 Code and PIN number
Russia
Policies for promoting compliance with Russia Privacy regulations.
*
Russia Federal Act 152-FZ
Federal act 152-FZ regulates activities related to processing of personal data in the Russian Federation by means of automation equipment, and mandates protecting the confidentiality of personal information. The policy detects personal information that should be protected, like Passport Number, Personal Account Insurance Number (SNILS), Taxpayer Identification Numbers (INN), personal phone numbers, etc, in proximity to Russian names. The rules for this policy are:
*
152-FZ: Moscow Social Card Number near Russian name
*
152-FZ: Russian Individual Personal Account Insurance Number (SNILS) near Russian name
*
152-FZ: Russian Passport Number near Russian name
*
152-FZ: Russian Phone Number near Russian name
*
152-FZ: Russian Primary State Registration Number (OGRNIP) near Russian name
*
152-FZ: Russian Taxpayer Identification Number (INN) near Russian name
*
Russian Federation IIIP
The law of the Russian Federation on Information, Informatization, and Information Protection of 1995 covers both the government and private sectors and imposes a code of fair information practices and other restrictions on the processing of personal and sensitive information. The pre-defined policy comprises rules for detection of a Russian passport number when appearing together with Russian full names and for detection of DNA information. The rules for this policy are:
*
Russian Federation IIIP: Passport number
*
Russian Federation IIIP: passport and name
*
Russian Federation IIIP: passport and name (Default)
*
Russian Federation IIIP: passport and name (Wide)
*
Russian Federation IIIP: passport and name (Narrow)
*
Russian Federation IIIP: DNA Sequence
Singapore
Policies for promoting compliance with Singapore Privacy regulations.
*
Singapore ETA (starting with v7.8.2)
The Singapore Electronic Transaction Act (ETA) mandates applying adequate measures to assure the confidentiality of electronic records, imposing fines and incarceration for compromising confidentiality. It also outlines the liability of directors, managers, secretaries and other officers of the body corporate in case of a breach. The rules for this policy are:
*
Singapore ETA: Singapore Identification numbers
*
Singapore ETA: Singapore Identification numbers - No support terms
*
Singapore ETA: Singapore Identification numbers with Credit Card
*
Singapore ETA: Name and Address (Default)
*
Singapore ETA: Name and Address (Narrow)
*
Singapore PDPA
The Singapore Personal Data Protection Act of 2012 covers all private sector organisations engaged in data activities within Singapore. It regulates the management of personal data by businesses and imposes financial penalties. The rules for this policy are:
*
Singapore PDPA: Singapore Identification numbers (Default)
*
Singapore PDPA: Singapore Identification numbers (Wide)
*
Singapore PDPA: Name and Singapore Identification numbers (Narrow)
*
Singapore PDPA: Name and Singapore Identification numbers (Default)
*
Singapore PDPA: Name and CCN
*
Singapore PDPA: Name and sensitive health information
*
Singapore PDPA: DNA Sequences
*
Singapore PDPA: Name and Password
*
Singapore PDPA: Singaporean Phones Numbers (Wide)
*
Singapore PDPA: Singaporean Phones Numbers (Default)
*
Singapore PDPA: Singaporean Phones Numbers (Narrow)
*
Singapore PDPA: Name and Singaporean Phones Number (Wide)
*
Singapore PDPA: Name and Singaporean Phones Number (Default)
*
Singapore PDPA: Name and Singaporean Phones Number (Narrow)
*
Singapore PDPA: Name and Address (Default) (starting with v7.8.2)
*
Singapore PDPA: Name and Address (Narrow) (starting with v7.8.2)
South Africa
Policies for promoting compliance with South Africa Privacy regulations.
*
SA ECT Act
The Republic of South Africa Electronic Communication and Transaction Act defines a national e-strategy for the Republic and also prevents abuse of information systems. Chapter VIII of the act deals with protection of personal information. The policy detects combinations of valid South Africa ID number with credit card numbers. The rule for this policy is:
*
SA ECT: ID with CCN
*
SA POPI
The "Protection of Personal Information" (POPI) bill regulates the collection, dissemination, use and retention of private information.The rules for this policy are:
*
SA POPI: SA ID
*
SA POPI: SA ID and Ethnicities or Religion
*
SA POPI: SA ID and Account number
*
SA POPI: SA ID and CCN
*
SA POPI: SA ID and Crime
*
SA POPI: SA ID and Health Information
*
SA POPI: SA ID and Date of Birth
*
SA POPI: SA Name and Password
*
SA POPI: SA Name and sensitive health information
*
SA POPI: SA Name and Personal Finance terms
*
SA POPI: DNA Sequences
Switzerland
Policies for promoting compliance with Switzerland Privacy regulations.
*
Swiss Confederation Federal Act of Data Protection
The Federal Act of Data Protection of 1992 regulates personal information held by government and private bodies. The Act requires that information must be legally and fairly collected and places limits on its use and disclosure to third parties. Transfers to other nations must be registered and the recipient nation must have equivalent laws. The pre-defined policy comprises rules for detection of Swiss AHV numbers and DNA information. The rules for this policy are:
*
Swiss Federal Act of Data Protectiot: Old format AHV
*
Swiss Federal Act of Data Protection: new format AHV
*
Swiss Federal Act of Data Protection: DNA Sequence
Taiwan
Policies for promoting compliance with Taiwan Privacy regulations.
*
Taiwan PIPA
*
Taiwan - Personal Information Protection Act. The rules for this policy are:
*
Taiwan PIPA: ID formal form
*
Taiwan PIPA: ID
*
Taiwan PIPA: ID formal form with Surname
*
Taiwan PIPA: ID with Surname
*
Taiwan PIPA: ID formal form with Surname and Private info
*
Taiwan PIPA: ID with Surname and Private info
Thailand
Policies for promoting compliance with Thailand Privacy regulations.
*
Thailand Official Information Act
*
Thailand Official Information Act: National ID (wide)
*
Thailand Official Information Act: National ID (default)
*
Thailand Official Information Act: DNA Sequence
Turkey
*
Turkey Protection of Personal Data Draft Law
A policy for protection of personal information, in accordance with Turkey's "Protection of Personal Data" Draft Law. The rules for this policy are:
*
Turkey Protection of Personal Data Draft Law: TC Kimlik
*
Turkey Protection of Personal Data Draft Law: TC Kimlik one support
*
Turkey Protection of Personal Data Draft Law: TC Kimlik and CCN
*
Turkey Protection of Personal Data Draft Law: Spreadsheets
*
Turkey Protection of Personal Data Draft Law: Confidential in Header Footer
United States of America
Policies for promoting compliance with various states' privacy regulations
*
Alaska
*
Arizona
*
Arkansas
*
California
*
Colorado
*
Connecticut
*
Delaware
*
District of Columbia
*
Florida
*
Georgia
*
Hawaii
*
Idaho
*
Illinois
*
Indiana
*
Iowa
*
Kansas
*
Louisiana
*
Maine
*
Maryland
*
Massachusetts
*
Michigan
*
Minnesota
*
Missouri
*
Montana
*
Nevada
*
New Hampshire
*
New Jersey
*
New York State
*
North Carolina
*
Ohio
*
Oklahoma
*
Oregon
*
Pennsylvania
*
Rhode Island
*
Tennessee
*
Texas
*
Utah
*
Virginia
*
Washington
*
Wisconsin
Alaska
Alaska HB 65 notifies consumers when a data breach concerning personal information has occurred. Personal information is defined to include unencrypted information on an individual, which consists of the individual's name and one or more of several other pieces of information, including a social security number, driver's license number, account number, password, or other access codes. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB 65: Name and SSN
*
HB 65: Name and DL
*
HB 65: Name and CCN
*
HB 65: Name and Password
*
HB 65: Password dissemination for Web traffic
*
HB 65: Account and Password
Arizona
Arizona SB 1338 (http://www.azleg.gov/legtext/47leg/2r/bills/sb1338h.pdf) Requires a person who conducts business in Arizona and owns or licenses unencrypted computerized data that includes personal information to maintain its secrecy and confidentiality and to report about incidents that materially compromises the security or confidentiality of personal information. The rules for this policy are:
*
SB 1338: SSN with AZ driver license
*
SB 1338: SSN with CCN
Arkansas
Arkansas SB 1167 requires organizations to protect personal information of Arkansas residents (including personal health information) and to inform Arkansas customers when their private information is disclosed during a security breach. The policy comprises rules that detect combinations of personally identifiable information combinations with sensitive information such as private health information, credit card numbers, or passwords. The rules for this policy are:
*
SB 1167: SSN with Sensitive Disease or Drug
*
SB 1167: Names with Sensitive Disease or Drug
*
SB 1167: Names (Narrow) with Sensitive disease or drug
*
SB 1167: Arkansas Driver License with Sensitive Disease or Drug
*
SB 1167: SSN with CCN
*
SB 1167: CCN with AR Driver License
*
SB 1167: Suspected Passwords
*
SB 1167: Password dissemination for Web traffic
California
*
California AB 1298: requires organizations to protect Californians' personal information (including personal health information) and to inform Californians when their private information is disclosed during a security breach. The policy comprises rules that detect combinations of personally identifiable information combinations with sensitive information such as private health information, credit card numbers, or passwords. The rules for this policy are:
*
AB 1298: California Driver License with Sensitive Disease or Drug
*
AB 1298: CCN: with CA Driver License
*
AB 1298: Names with Sensitive Disease or drug
*
AB 1298: Password dissemination for Web traffic
*
AB 1298: SSN with CCN
*
AB 1298: SSN with Sensitive Disease or Drug
*
AB 1298: Suspected Passwords
*
California AB 1950: requires organizations to notify Californians if their personal information is disclosed during a security breach. This law adds medical information to the information to be protected and extended the responsibility to organizations outside of the State, if they collect information about California residents. It does not apply to organizations that are subject to other privacy laws. The rules for this policy are:
*
AB 1950: SSN with CCN
*
AB 1950: CCN with CA Driver License
*
AB 1950: Suspected Passwords
*
AB 1950: Password dissemination for Web traffic
*
California SB 541 and AB 211: these amend the California Health and Safety Code and section 56.36 of the Civil Code. The bills give the state of California the ability to assess and enforce high fines for unauthorized leakage or access of private health information and create a new State Office of Health Information Integrity (OHII) to oversee data issues. The policy detects combinations of Personally Identifiable Information (PII) like names, social security or credit card number, and sensitive health information such as medical condition and DNA profiles. The rules for this policy are:
*
SB 541: SSN and Sensitive Disease or drug
*
SB 541: SSN and Common Diseases
*
SB 541: Credit cards and Sensitive Disease or drug
*
SB 541: Credit cards and Common Diseases
*
SB 541: Name and Common Diseases
*
SB 541: Names (Narrow) and Common Diseases
*
SB 541: Name and Sensitive Disease or drug
*
SB 541: Names (Narrow) and Sensitive Disease or drug
*
SB 541: Celebrities Names and Sensitive Disease or drug
*
SB 541: Celebrities Names and Common Diseases
*
SB 541: DNA profile
*
SB 541: ICD10 Codes and US full names
*
SB 541: ICD10 Descriptions and US full names
*
SB 541: ICD9 Codes and US full names
*
SB 541: ICD9 Descriptions and US full names
*
California Financial Information Privacy Act (also known as SB 1) requires financial institutions to provide their consumers notice and meaningful choice about how consumers' non-public personal information is shared or sold by their financial institutions. It provides greater privacy protections than those provided by the Gramm-Leach-Bliley Act. The policy contains rules to detect accounts, credit cards, social security numbers, and California driver license numbers. The rules for this policy are:
*
SB 1: CCN (Default)
*
SB 1: CCN (Narrow)
*
SB 1: SSN
*
SB 1: SSN with CA driver license
*
SB 1: SSN with CCN
*
SB 1: 10 Digit Account Numbers
*
SB 1: 9 Digit Account Numbers
*
SB 1: 5-8 Digit Account Numbers
*
California SB 1386: requires organizations to notify Californians if their personal information is disclosed during a security breach. SB 1386 is directed at state agencies and businesses operating in California. Personal information is defined as an individual's first name or first initial and last name with any of the following.The rules for this policy are.
*
CC 1798: SSN with California Driver License
*
CC 1798: SSN with CCN
*
CC 1798: Name and Common Diseases (starting with v7.8.2)
*
CC 1798: Name and Sensitive Disease or Drug (starting with v7.8.2)
*
CC 1798: Name and HICN (starting with v7.8.2)
Colorado
Colorado HB 1119 requires any individual or commercial entity that conducts business in Colorado and owns or licenses computerized data that includes Private Information or maintains such data to provide consumer notification of data breaches. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Colorado driver license numbers. The rules for this policy are:
*
HB 1119: SSN: with Colorado driver license
*
HB 1119: SSN with CCN
*
HB 1119: Name with SSN
*
HB 1119: Name with Colorado driver license
*
HB 1119: Name with CCN
*
HB 1119: SSN with DNA profile
Connecticut
Connecticut SB 650 requires a business that has suffered a security breach involving personal information to disclose it to affected consumers, generally without unreasonable delay. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Connecticut driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 650: Name and SSN
*
SB 650: Name and DL
*
SB 650: Name and CCN
*
SB 650: Name and Password
*
SB 650: Password dissemination for Web traffic
*
SB 650: Account and Password
Delaware
Delaware HB 116 helps ensure that personal information about Delaware residents is protected by encouraging data brokers to provide reasonable security for personal information. It requires an individual or a commercial entity that conducts business in Delaware and that owns or licenses computerized data that includes personal information to notify a resident of Delaware of any breach of the security of the system. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security and credit card numbers, alone or with sensitive health information. Additional rules detect passwords.The rules for this policy are:
*
HB 116: Account and Password
*
HB 116: Credit cards and Common Diseases
*
HB 116: Credit cards and Sensitive Disease or drug
*
HB 116: Name and CCN
*
HB 116: Name and Password
*
HB 116: Name and SSN
*
HB 116: Password dissemination for Web traffic
District of Columbia
District of Columbia 28-3852 mandates that consumers should be notified when electronically-stored personal information is compromised in a way that increases the risk of identity theft. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, DC driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
DC 28-3852: Name and SSN
*
DC 28-3852: Name and DL
*
DC 28-3852: Name and CCN
*
DC 28-3852: Name and Password
*
DC 28-3852: Password dissemination for Web traffic
Florida
Florida HB 481 requires businesses maintaining computerized data including PI to provide notice of security system breach in certain circumstances. This State law affects any person that conducts business in Florida and owns or licenses computerized data that includes PI or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers with different thresholds, according to the severity levels mandated. Additional rules detect passwords. The rules for this policy are:
*
HB 481: SSN with CCN
*
HB 481: CCN with FL Driver License
*
HB 481: Suspected passwords
Georgia
Georgia SB 230 requires expeditious notification of unauthorized acquisition and possible misuse of PI. This State policy applies to information brokers that own or license computerized data that includes PI or a person or business who maintains such data on behalf of brokers. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords.The rules for this policy are:
*
SB 230: SSN with CCN
*
SB 230: CCN with GA Driver License
*
SB 230: Suspected passwords
*
SB 230: Password dissemination for Web traffic
Hawaii
Hawaii SB 2290 requires businesses and government agencies to notify individual residents when their personal information has been compromised by unauthorized disclosure. Personal information is considered an individual's full name in combination with any of the following: social security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-2290: Name and SSN
*
SB-2290: Name and DL
*
SB-2290: Name and CCN
*
SB-2290: Name and Password
*
SB-2290: Password dissemination for Web traffic
*
SB-2290: Account and Password
Idaho
Idaho SB-1374 requires agencies, individuals, and commercial entities to disclose when the security of computerized personal information has been breached. Personal information is considered an individual's full name in combination with any of the following: social security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-1374: Name and SSN
*
SB-1374: Name and DL
*
SB-1374: Name and CCN
*
SB-1374: Name and Password
*
SB-1374: Password dissemination for Web traffic
*
SB-1374: Account and Password
Illinois
Illinois HB 1633 requires data collector to provide notification of security breach after discovery, even if data has not been accessed by unauthorized person. This State law affects all data collectors that own or license PI or maintains computerized data that includes PI. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, state ID and driver license numbers. Additional rules detect passwords. The rules for this policy are:
*
HB 1633: SSN with CCN
*
HB 1633: CCN with Illinois Driver Lice
*
HB 1633: CCN with Illinois State ID
*
HB 1633: Suspected passwords
*
HB 1633: Password dissemination for Web traffic
Indiana
Indiana HB 1101 requires a business that has suffered a security breach involving personal information to disclose it to affected consumers, generally without unreasonable delay. It generally requires the notice to be given in writing, by telephone, or electronically. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Indiana driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
HB 1101: Name and SSN
*
HB 1101: Name and DL
*
HB 1101: Name and CCN
*
HB 1101: Name and Password
*
HB 1101: Password dissemination for Web traffic
*
HB 1101: Account and Password
Iowa
Iowa SF 2308 requires notification of Iowa consumers of a security breach involving personal information by the person who owns, maintains or otherwise possesses the information. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, DNA data, Iowa driver license and credit card numbers. Additional rules detect passwords.The rules for this policy are:
*
Iowa SF 2308: Name and SSN
*
Iowa SF 2308: Name and DL
*
Iowa SF 2308: Name and CCN
*
Iowa SF 2308: Name and Password
*
Iowa SF 2308: Password dissemination for Web traffic
*
Iowa SF 2308: DNA profile
Kansas
Kansas SB-196 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-196: Name and SSN
*
SB-196: Name and DL
*
SB-196: Name and CCN
*
SB-196: Name and Password
*
SB-196: Password dissemination for Web traffic
*
SB-196: Account and Password
Louisiana
Louisiana SB-205 requires that consumers are notified when the security of their personal information has been breached. Personal information is defined to include unencrypted information on an individual consisting of the individual's name and one or more of several other pieces of information, including a Social Security number, driver's license number, account number, password, or other access codes. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-205: Name and SSN
*
SB-205: Name and DL
*
SB-205: Name and CCN
*
SB-205: Name and Password
*
SB-205: Password dissemination for Web traffic
*
SB-205: Account and Password
Maine
Maine LD-1671 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
LD-1671: Name and SSN
*
LD-1671: Name and DL
*
LD-1671: Name and CCN
*
LD-1671: Name and Password
*
LD-1671: Password dissemination for Web traffic
*
LD-1671: Account and Password
Maryland
Maryland SB 194 requires all businesses in Maryland take reasonable steps to ensure that no personal information is accessed by unauthorized individuals. Brokers and agents should also be taking reasonable steps to ensure that the personal information is stored safely. Personal information is considered the customer's full name in combination with any of the following: Social Security or tax I.D. number, driver's license number, or financial account information. Businesses are required to notify the Attorney General's office and customer if personal information in an electronic database is breached. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB 194: Name and SSN
*
SB 194: Name and DL
*
SB 194: Name and CCN
*
SB 194: Name and Password
*
SB 194: Password dissemination for Web traffic
*
SB 194: Account and Password
Massachusetts
Massachusetts 201 CMR 17 mandates that a business in Massachusetts shall encrypt any personal information of a customer that is transmitted over public networks or stored on lap tops or removable memory. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Massachusetts driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
MA 201 CMR: Name and SSN
*
MA 201 CMR: Name and SSN (Wide)
*
MA 201 CMR: Name and DL
*
MA 201 CMR: Name and DL (Wide)
*
MA 201 CMR: Name and CCN
*
MA 201 CMR: Name and CCN (Wide)
*
MA 201 CMR: Name and ID
*
MA 201 CMR: Name and Password
*
MA 201 CMR: Password dissemination for Web traffic
*
MA 201 CMR: Name with Account and Password
*
MA 201 CMR: Account and Password
Michigan
Michigan Privacy Act SB 309 requires a state agency or a private company that maintains computerized data with personalized information on individuals to notify those individuals if a breach of security allows unencrypted personal identifying information to be acquired by an unauthorized person.  Failure to comply with the notification requirements would be punishable by civil fines up to a maximum of $2.5 million. The policy detects combinations of Personally Identifiable Information (PII) like social security numbers, Michigan driver license, credit card numbers, and DNA.The rules for this policy are:
*
MI SB 309: SSN
*
MI SB 309: SSN with CCN
*
MI SB 309: SSN with Michigan DL
*
MI SB 309: SSN with Account Number
*
MI SB 309: SSN with PIN Number
*
MI SB 309: SSN with possible password
*
MI SB 309: SSN with DNA profile
Minnesota
Minnesota H.F. 2121 code requires businesses to provide consumer notification of data breaches. It is applicable to any person that conducts business in Minnesota and owns or licenses computerized data that includes PI or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Minnesota driver license numbers. The rules for this policy are:
*
H.F. 2121: SSN: with MN driver license
*
H.F. 2121: SSN with CCN
*
H.F. 2121: Name with SSN
*
H.F. 2121: Name with Minnesota driver license
*
H.F. 2121: Name with CCN
*
H.F. 2121: SSN with DNA profile
Missouri
Missouri HB 62 requires a notification for breaches of electronically-stored personal information. Any business that owns or licenses personal information belonging to Missouri residents must provide notice to affected individuals in the event of a breach of security involving the individual's personal information. Personal information is defined as an individual's name, in combination with a data element that has not been encrypted, redacted or otherwise made unreadable or unusable. Data elements include an individual's social security number, driver's license number, and financial account numbers with access passwords, access codes to financial accounts, medical information, or health insurance information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords, account numbers and medical information. The rules for this policy are:
*
HB 62: Account and Password
*
HB 62: ICD10 Descriptions and US full names
*
HB 62: Name and CCN
*
HB 62: Name and DL
*
HB 62: Name and Password
*
HB 62: Name and Sensitive Disease or drug
*
HB 62: Name and SSN
*
HB 62: Password dissemination for Web traffic
Montana
Montana HB-732 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-732: Name and SSN
*
HB-732: Name and DL
*
HB-732: Name and CCN
*
HB-732: Name and Password
*
HB-732: Password dissemination for Web traffic
*
HB-732: Account and Password
Nevada
Nevada SB 227 and NRS 603A require that organizations or business entities in Nevada shall not disseminate unencrypted personal information and shall not move any data storage device containing unencrypted personal information outside of the secure system of the business. NRS 603A also mandates notification of the breach to any resident of this State whose unencrypted personal information is reasonably believed to have been acquired by an unauthorized person. The pre-defined policy detects Personally Identifiable Information (PII) that should be encrypted, like full names with social security numbers, Nevada driver license, credit card numbers, and passwords. The rules for this policy are:
*
Nevada SB 227 and NRS 603A: Account and Password
*
Nevada SB 227 and NRS 603A: Name and CCN
*
Nevada SB 227 and NRS 603A: Name and CCN (Wide)
*
Nevada SB 227 and NRS 603A: Name and DL
*
Nevada SB 227 and NRS 603A: Name and DL (Wide)
*
Nevada SB 227 and NRS 603A: Name and ID
*
Nevada SB 227 and NRS 603A: Name and Password
*
Nevada SB 227 and NRS 603A: Name and SSN
*
Nevada SB 227 and NRS 603A: Name and SSN (Wide)
*
Nevada SB 227 and NRS 603A: Name with Account and Password
*
Nevada SB 227 and NRS 603A: Password dissemination for Web traffic
New Hampshire
New Hampshire HB-1660 requires businesses who own or license computerized data that includes personal information shall, when they become aware of a security breach, promptly determine the likelihood that the information has been or will be misused. If the determination is that misuse of the information has occurred or is reasonably likely to occur, or if a determination cannot be made, businesses shall notify the affected individuals as soon as possible. Personal information is considered the customer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-1660: Name and SSN
*
HB-1660: Name and DL
*
HB-1660: Name and CCN
*
HB-1660: Name and Password
*
HB-1660: Password dissemination for Web traffic
*
HB-1660: Account and Password
New Jersey
New Jersey A 4001 requires businesses or public entities that are compiling or maintaining computerized data with personal information (PI) to disclose a security breach if the personal information is reasonably believed to be acquired by unauthorized persons. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords. The rules for this policy are:
*
A 4001: SSN with CCN
*
A 4001: CCN with NJ Driver License
*
A 4001: Suspected passwords
*
A 4001: Password dissemination for Web traffic
New York State
New York AB 4254 guarantees individuals the right to know what information was exposed during a breach, so that they can take the necessary steps to both prevent and repair any damage incurred. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and New York driver license numbers. The rules for this policy are:
*
AB 4254: Name with CCN
*
AB 4254: Name with New-York driver license
*
AB 4254: Name with SSN
*
AB 4254: SSN with CCN
*
AB 4254: SSN with DNA profile
*
AB 4254: SSN: with NY driver license
North Carolina
North Carolina Identity Theft Protection Act, SB 1048, mandates protection of personal information and requires NC businesses to notify consumers in case of a security breach. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names with social security numbers, NC driver licenses, and credit card numbers. The rules for this policy are:
*
NC SB 1048: Name and SSN
*
NC SB 1048: Name and DL
*
NC SB 1048: Name and CCN
Ohio
Ohio HB 104 mandates that consumers should be notified when electronically-stored personal information is compromised in a way that increases the risk of identity theft. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Ohio driver licenses, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
Ohio HB 104: Name and SSN
*
Ohio HB 104: Name and DL
*
Ohio HB 104: Name and CCN
*
Ohio HB 104: Name and Password
*
Ohio HB 104: Password dissemination for Web traffic
Oklahoma
Oklahoma HB-2357 requires that agencies, individuals, and commercial entities disclose when the security of computerized personal information has been breached. Personal information is considered the consumer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-2357: Name and SSN
*
HB-2357: Name and DL
*
HB-2357: Name and CCN
*
HB-2357: Name and Password
*
HB-2357: Password dissemination for Web traffic
*
HB-2357: Account and Password
Oregon
Oregon Consumer Identity Protection Act (SB 583) requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers.The rules for this policy are:
*
SB 583: Name and SSN
*
SB 583: Name and DL
*
SB 583: Name and CCN
*
SB 583: Name and Password
*
SB 583: Password dissemination for Web traffic
*
SB 583: Account and Password
Pennsylvania
Pennsylvania SB 712 provides for the notification of residents whose personal information data was or may have been disclosed due to a security system breach, and imposes penalties. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Pennsylvania driver licenses, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 712: Name and SSN
*
SB 712: Name and DL
*
SB 712: Name and CCN
*
SB 712: Name and Password
*
SB 712: Password dissemination for Web traffic
*
SB 712: Account and Password
Rhode Island
Rhode Island HB-6191 requires that agencies, individuals, and commercial entities disclose when the security of computerized personal information has been breached. Personal information is considered the consumer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-6191: Name and SSN
*
HB-6191: Name and DL
*
HB-6191: Name and CCN
*
HB-6191: Name and Password
*
HB-6191: Password dissemination for Web traffic
*
HB-6191: Account and Password
Tennessee
Tennessee SB 2220 requires notice of a breach of the security, confidentiality, or integrity of unencrypted, personal information by persons doing business in the state. Personal information is defined as an individual's name, in combination with individual's social security number, driver's license number, or financial account numbers with access passwords. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, driver's license, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 2220: Name and SSN
*
SB 2220: Name and DL
*
SB 2220: Name and CCN
*
SB 2220: Name and Password
*
SB 2220: Password dissemination for Web traffic
*
SB 2220: Account and Password
Texas
Texas SB 122 requires that any person that conducts business in Texas and owns or licenses computerized data that includes sensitive Private Information will take reasonable measures to protect it. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Texas driver license numbers.The rules for this policy are:
*
SB 122: SSN: with Texas driver license
*
SB 122: SSN with CCN
*
SB 122: Name with SSN
*
SB 122: Name with Texas driver license
*
SB 122: Name with CCN
*
SB 122: SSN with DNA profile
Utah
Utah SB 69's purpose is to address the integrity of consumer credit databases. It is applicable to any person that conducts business in Utah and maintains PI. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords.The rules for this policy are:
*
SB 69: SSN with CCN
*
SB 69: CCN with Utah Driver License
*
SB 69: Suspected passwords
*
SB 69: Password dissemination for Web traffic
*
SB 69: SSN and Account number and Password
Virginia
Virginia SB 307 mandates that consumers should be notified when their personal information is compromised in a way that increases the risk of identity theft or other fraud. The bill also requires covered entities to notify the state attorney general in the case of breaches of personal information of more than 1,000 residents. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Virginia driver license and credit card numbers. The rules for this policy are:
*
VA SB 307: Name and SSN
*
VA SB 307: Name and DL
*
VA SB 307: Name and CCN
Washington
Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers.The rules for this policy are:
*
SB 6043: SSN: with WA driver license
*
SB 6043: SSN with CCN
*
SB 6043: Name with SSN
*
SB 6043: Name with Washington driver license
*
SB 6043: Name with CCN
*
SB 6043: SSN with DNA profile
Wisconsin
Wisconsin SB 164 requires notice of unauthorized use of personal identifying information. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers, with sensitive private information like DNA profile or password.The rules for this policy are:
*
SB 164: SSN with CCN
*
SB 164: SSN with Wisconsin DL
*
SB 164: SSN with Account Number
*
SB 164: SSN with PIN Number
*
SB 164: SSN with possible password
*
SB 164: SSN with DNA profile

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > Privacy Regulations
Copyright 2016 Forcepoint LLC. All rights reserved.