Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > United States of America - State Privacy Regulations
United States of America - State Privacy Regulations
Predefined Policies and Classifiers | Forcepoint DLP | v8.4.x
Policies for promoting compliance with various states' privacy regulations
*
Alaska
*
Arizona
*
Arkansas
*
California
*
Colorado
*
Connecticut
*
Delaware
*
District of Columbia
*
Florida
*
Georgia
*
Hawaii
*
Idaho
*
Illinois
*
Indiana
*
Iowa
*
Kansas
*
Louisiana
*
Maine
*
Maryland
*
Massachusetts
*
Michigan
*
Minnesota
*
Missouri
*
Montana
*
Nevada
*
New Hampshire
*
New Jersey
*
New York
*
North Carolina
*
Ohio
*
Oklahoma
*
Oregon
*
Pennsylvania
*
Rhode Island
*
Tennessee
*
Texas
*
Utah
*
Virginia
*
Washington
*
Wisconsin
Alaska
Alaska HB 65 notifies consumers when a data breach concerning personal information has occurred. Personal information is defined to include unencrypted information on an individual, which consists of the individual's name and one or more of several other pieces of information, including a social security number, driver's license number, account number, password, or other access codes. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB 65: Name and SSN
*
HB 65: Name and DL
*
HB 65: Name and CCN
*
HB 65: Name and Password
*
HB 65: Password dissemination for Web traffic
*
HB 65: Account and Password
Arizona
Arizona SB 1338 (http://www.azleg.gov/legtext/47leg/2r/bills/sb1338h.pdf) Requires a person who conducts business in Arizona and owns or licenses unencrypted computerized data that includes personal information to maintain its secrecy and confidentiality and to report about incidents that materially compromises the security or confidentiality of personal information. The rules for this policy are:
*
SB 1338: SSN with AZ driver license
*
SB 1338: SSN with CCN
Arkansas
Arkansas SB 1167 requires organizations to protect personal information of Arkansas residents (including personal health information) and to inform Arkansas customers when their private information is disclosed during a security breach. The policy comprises rules that detect combinations of personally identifiable information combinations with sensitive information such as private health information, credit card numbers, or passwords. The rules for this policy are:
*
Arkansas SB 1167: Arkansas Driver License with Sensitive Disease or Drug
*
Arkansas SB 1167: CCN with Arkansas Driver License
*
Arkansas SB 1167: Names with Sensitive Disease or Drug (Default)
*
Arkansas SB 1167: Names with Sensitive disease or drug (Narrow)
*
Arkansas SB 1167: Password dissemination for Web traffic
*
Arkansas SB 1167: SSN with CCN
*
Arkansas SB 1167: SSN with Sensitive Disease or Drug
*
Arkansas SB 1167: Suspected Passwords
California
*
California AB 1298: requires organizations to protect Californians' personal information (including personal health information) and to inform Californians when their private information is disclosed during a security breach. The policy comprises rules that detect combinations of personally identifiable information combinations with sensitive information such as private health information, credit card numbers, or passwords. The rules for this policy are:
*
AB 1298: California Driver License with Sensitive Disease or Drug
*
AB 1298: CCN: with CA Driver License
*
AB 1298: Names with Sensitive Disease or drug
*
AB 1298: Password dissemination for Web traffic
*
AB 1298: SSN with CCN
*
AB 1298: SSN with Sensitive Disease or Drug
*
AB 1298: Suspected Passwords
*
California AB 1950: requires organizations to notify Californians if their personal information is disclosed during a security breach. This law adds medical information to the information to be protected and extended the responsibility to organizations outside of the State, if they collect information about California residents. It does not apply to organizations that are subject to other privacy laws. The rules for this policy are:
*
AB 1950: SSN with CCN
*
AB 1950: CCN with CA Driver License
*
AB 1950: Suspected Passwords
*
AB 1950: Password dissemination for Web traffic
*
California SB 541 and AB 211: these amend the California Health and Safety Code and section 56.36 of the Civil Code. The bills give the state of California the ability to assess and enforce high fines for unauthorized leakage or access of private health information and create a new State Office of Health Information Integrity (OHII) to oversee data issues. The policy detects combinations of Personally Identifiable Information (PII) like names, social security or credit card number, and sensitive health information such as medical condition and DNA profiles. The rules for this policy are:
*
SB 541: SSN and Sensitive Disease or drug
*
SB 541: SSN and Common Medical Condition
*
SB 541: Credit cards and Sensitive Disease or drug
*
SB 541: Credit card and Common Medical Condition
*
SB 541: Name and Common Medical Condition
*
SB 541: Name (Narrow) and Common Medical Condition
*
SB 541: Name and Sensitive Disease or drug
*
SB 541: Names (Narrow) and Sensitive Disease or drug
*
SB 541: Celebrities Names and Sensitive Disease or drug
*
SB 541: Celebrity Name and Common Medical Condition
*
SB 541: DNA profile
*
SB 541: ICD10 Codes and US full names
*
SB 541: ICD10 Descriptions and US full names
*
SB 541: ICD9 Codes and US full names
*
SB 541: ICD9 Descriptions and US full names
*
California Financial Information Privacy Act (also known as SB 1) requires financial institutions to provide their consumers notice and meaningful choice about how consumers' non-public personal information is shared or sold by their financial institutions. It provides greater privacy protections than those provided by the Gramm-Leach-Bliley Act. The policy contains rules to detect accounts, credit cards, social security numbers, and California driver license numbers. The rules for this policy are:
*
SB 1: CCN (Default)
*
SB 1: CCN (Narrow)
*
SB 1: SSN
*
SB 1: SSN with CA driver license
*
SB 1: SSN with CCN
*
SB 1: 10 Digit Account Numbers
*
SB 1: 9 Digit Account Numbers
*
SB 1: 5-8 Digit Account Numbers
*
California SB 1386: requires organizations to notify Californians if their personal information is disclosed during a security breach. SB 1386 is directed at state agencies and businesses operating in California. Personal information is defined as an individual's first name or first initial and last name with any of the following.The rules for this policy are.
*
CC 1798: SSN with California Driver License
*
CC 1798: SSN with CCN
*
CC 1798: Name and Common Medical Condition
*
CC 1798: Name and Sensitive Disease or Drug
*
CC 1798: Name and HICN
Colorado
Colorado HB 1119 requires any individual or commercial entity that conducts business in Colorado and owns or licenses computerized data that includes Private Information or maintains such data to provide consumer notification of data breaches. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Colorado driver license numbers. The rules for this policy are:
*
HB 1119: SSN: with Colorado driver license
*
HB 1119: SSN with CCN
*
HB 1119: Name with SSN
*
HB 1119: Name with Colorado driver license
*
HB 1119: Name with CCN
*
HB 1119: SSN with DNA profile
Connecticut
Connecticut SB 650 requires a business that has suffered a security breach involving personal information to disclose it to affected consumers, generally without unreasonable delay. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Connecticut driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 650: Name and SSN
*
SB 650: Name and DL
*
SB 650: Name and CCN
*
SB 650: Name and Password
*
SB 650: Password dissemination for Web traffic
*
SB 650: Account and Password
Delaware
Delaware HB 116 helps ensure that personal information about Delaware residents is protected by encouraging data brokers to provide reasonable security for personal information. It requires an individual or a commercial entity that conducts business in Delaware and that owns or licenses computerized data that includes personal information to notify a resident of Delaware of any breach of the security of the system. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security and credit card numbers, alone or with sensitive health information. Additional rules detect passwords.The rules for this policy are:
*
HB 116: Account and Password
*
HB 116: Credit cards and Common Medical Condition
*
HB 116: Credit cards and Sensitive Disease or drug
*
HB 116: Name and CCN
*
HB 116: Name and Password
*
HB 116: Name and SSN
*
HB 116: Password dissemination for Web traffic
District of Columbia
District of Columbia 28-3852 mandates that consumers should be notified when electronically-stored personal information is compromised in a way that increases the risk of identity theft. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, DC driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
DC 28-3852: Name and SSN
*
DC 28-3852: Name and DL
*
DC 28-3852: Name and CCN
*
DC 28-3852: Name and Password
*
DC 28-3852: Password dissemination for Web traffic
Florida
Florida HB 481 requires businesses maintaining computerized data including PI to provide notice of security system breach in certain circumstances. This State law affects any person that conducts business in Florida and owns or licenses computerized data that includes PI or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers with different thresholds, according to the severity levels mandated. Additional rules detect passwords. The rules for this policy are:
*
HB 481: SSN with CCN
*
HB 481: CCN with FL Driver License
*
HB 481: Suspected passwords
Georgia
Georgia SB 230 requires expeditious notification of unauthorized acquisition and possible misuse of PI. This State policy applies to information brokers that own or license computerized data that includes PI or a person or business who maintains such data on behalf of brokers. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords.The rules for this policy are:
*
SB 230: SSN with CCN
*
SB 230: CCN with GA Driver License
*
SB 230: Suspected passwords
*
SB 230: Password dissemination for Web traffic
Hawaii
Hawaii SB 2290 requires businesses and government agencies to notify individual residents when their personal information has been compromised by unauthorized disclosure. Personal information is considered an individual's full name in combination with any of the following: social security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-2290: Name and SSN
*
SB-2290: Name and DL
*
SB-2290: Name and CCN
*
SB-2290: Name and Password
*
SB-2290: Password dissemination for Web traffic
*
SB-2290: Account and Password
Idaho
Idaho SB-1374 requires agencies, individuals, and commercial entities to disclose when the security of computerized personal information has been breached. Personal information is considered an individual's full name in combination with any of the following: social security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-1374: Name and SSN
*
SB-1374: Name and DL
*
SB-1374: Name and CCN
*
SB-1374: Name and Password
*
SB-1374: Password dissemination for Web traffic
*
SB-1374: Account and Password
Illinois
Illinois HB 1633 requires data collector to provide notification of security breach after discovery, even if data has not been accessed by unauthorized person. This State law affects all data collectors that own or license PI or maintains computerized data that includes PI. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, state ID and driver license numbers. Additional rules detect passwords. The rules for this policy are:
*
HB 1633: SSN with CCN
*
HB 1633: CCN with Illinois Driver Lice
*
HB 1633: CCN with Illinois State ID
*
HB 1633: Suspected passwords
*
HB 1633: Password dissemination for Web traffic
Indiana
Indiana HB 1101 requires a business that has suffered a security breach involving personal information to disclose it to affected consumers, generally without unreasonable delay. It generally requires the notice to be given in writing, by telephone, or electronically. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Indiana driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
HB 1101: Name and SSN
*
HB 1101: Name and DL
*
HB 1101: Name and CCN
*
HB 1101: Name and Password
*
HB 1101: Password dissemination for Web traffic
*
HB 1101: Account and Password
Iowa
Iowa SF 2308 requires notification of Iowa consumers of a security breach involving personal information by the person who owns, maintains or otherwise possesses the information. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, DNA data, Iowa driver license and credit card numbers. Additional rules detect passwords.The rules for this policy are:
*
Iowa SF 2308: Name and SSN
*
Iowa SF 2308: Name and DL
*
Iowa SF 2308: Name and CCN
*
Iowa SF 2308: Name and Password
*
Iowa SF 2308: Password dissemination for Web traffic
*
Iowa SF 2308: DNA profile
Kansas
Kansas SB-196 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-196: Name and SSN
*
SB-196: Name and DL
*
SB-196: Name and CCN
*
SB-196: Name and Password
*
SB-196: Password dissemination for Web traffic
*
SB-196: Account and Password
Louisiana
Louisiana SB-205 requires that consumers are notified when the security of their personal information has been breached. Personal information is defined to include unencrypted information on an individual consisting of the individual's name and one or more of several other pieces of information, including a Social Security number, driver's license number, account number, password, or other access codes. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB-205: Name and SSN
*
SB-205: Name and DL
*
SB-205: Name and CCN
*
SB-205: Name and Password
*
SB-205: Password dissemination for Web traffic
*
SB-205: Account and Password
Maine
Maine LD-1671 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
LD-1671: Name and SSN
*
LD-1671: Name and DL
*
LD-1671: Name and CCN
*
LD-1671: Name and Password
*
LD-1671: Password dissemination for Web traffic
*
LD-1671: Account and Password
Maryland
Maryland SB 194 requires all businesses in Maryland take reasonable steps to ensure that no personal information is accessed by unauthorized individuals. Brokers and agents should also be taking reasonable steps to ensure that the personal information is stored safely. Personal information is considered the customer's full name in combination with any of the following: Social Security or tax ID number, driver's license number, or financial account information. Businesses are required to notify the Attorney General's office and customer if personal information in an electronic database is breached. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
SB 194: Name and SSN
*
SB 194: Name and DL
*
SB 194: Name and CCN
*
SB 194: Name and Password
*
SB 194: Password dissemination for Web traffic
*
SB 194: Account and Password
Massachusetts
Massachusetts 201 CMR 17 mandates that a business in Massachusetts shall encrypt any personal information of a customer that is transmitted over public networks or stored on lap tops or removable memory. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Massachusetts driver license and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
MA 201 CMR: Name and SSN
*
MA 201 CMR: Name and SSN (Wide)
*
MA 201 CMR: Name and DL
*
MA 201 CMR: Name and DL (Wide)
*
MA 201 CMR: Name and CCN
*
MA 201 CMR: Name and CCN (Wide)
*
MA 201 CMR: Name and ID
*
MA 201 CMR: Name and Password
*
MA 201 CMR: Password dissemination for Web traffic
*
MA 201 CMR: Name with Account and Password
*
MA 201 CMR: Account and Password
Michigan
Michigan Privacy Act SB 309 requires a state agency or a private company that maintains computerized data with personalized information on individuals to notify those individuals if a breach of security allows unencrypted personal identifying information to be acquired by an unauthorized person. Failure to comply with the notification requirements would be punishable by civil fines up to a maximum of $2.5 million. The policy detects combinations of Personally Identifiable Information (PII) like social security numbers, Michigan driver license, credit card numbers, and DNA. The rules for this policy are:
*
MI SB 309: SSN
*
MI SB 309: SSN with CCN
*
MI SB 309: SSN with Michigan DL
*
MI SB 309: SSN with Account Number
*
MI SB 309: SSN with PIN Number
*
MI SB 309: SSN with possible password
*
MI SB 309: SSN with DNA profile
Minnesota
Minnesota H.F. 2121 code requires businesses to provide consumer notification of data breaches. It is applicable to any person that conducts business in Minnesota and owns or licenses computerized data that includes PI or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Minnesota driver license numbers. The rules for this policy are:
*
Minnesota H.F. 2121: Name with CCN
*
Minnesota H.F. 2121: Name with Minnesota driver license
*
Minnesota H.F. 2121: Name with SSN
*
Minnesota H.F. 2121: SSN with CCN
*
Minnesota H.F. 2121: SSN with DNA profile
*
Minnesota H.F. 2121: SSN with MN driver license
Missouri
Missouri HB 62 requires a notification for breaches of electronically-stored personal information. Any business that owns or licenses personal information belonging to Missouri residents must provide notice to affected individuals in the event of a breach of security involving the individual's personal information. Personal information is defined as an individual's name, in combination with a data element that has not been encrypted, redacted or otherwise made unreadable or unusable. Data elements include an individual's social security number, driver's license number, and financial account numbers with access passwords, access codes to financial accounts, medical information, or health insurance information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords, account numbers and medical information. The rules for this policy are:
*
HB 62: Account and Password
*
HB 62: ICD10 Descriptions and US full names
*
HB 62: Name and CCN
*
HB 62: Name and DL
*
HB 62: Name and Password
*
HB 62: Name and Sensitive Disease or drug
*
HB 62: Name and SSN
*
HB 62: Password dissemination for Web traffic
Montana
Montana HB-732 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects the combination of full names with Social Security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-732: Name and SSN
*
HB-732: Name and DL
*
HB-732: Name and CCN
*
HB-732: Name and Password
*
HB-732: Password dissemination for Web traffic
*
HB-732: Account and Password
Nevada
Nevada SB 227 and NRS 603A require that organizations or business entities in Nevada shall not disseminate unencrypted personal information and shall not move any data storage device containing unencrypted personal information outside of the secure system of the business. NRS 603A also mandates notification of the breach to any resident of this State whose unencrypted personal information is reasonably believed to have been acquired by an unauthorized person. The pre-defined policy detects Personally Identifiable Information (PII) that should be encrypted, like full names with social security numbers, Nevada driver license, credit card numbers, and passwords. The rules for this policy are:
*
Nevada SB 227 and NRS 603A: Account and Password
*
Nevada SB 227 and NRS 603A: Name and CCN
*
Nevada SB 227 and NRS 603A: Name and CCN (Wide)
*
Nevada SB 227 and NRS 603A: Name and DL
*
Nevada SB 227 and NRS 603A: Name and DL (Wide)
*
Nevada SB 227 and NRS 603A: Name and ID
*
Nevada SB 227 and NRS 603A: Name and Password
*
Nevada SB 227 and NRS 603A: Name and SSN
*
Nevada SB 227 and NRS 603A: Name and SSN (Wide)
*
Nevada SB 227 and NRS 603A: Name with Account and Password
*
Nevada SB 227 and NRS 603A: Password dissemination for Web traffic
New Hampshire
New Hampshire HB-1660 requires businesses who own or license computerized data that includes personal information shall, when they become aware of a security breach, promptly determine the likelihood that the information has been or will be misused. If the determination is that misuse of the information has occurred or is reasonably likely to occur, or if a determination cannot be made, businesses shall notify the affected individuals as soon as possible. Personal information is considered the customer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-1660: Name and SSN
*
HB-1660: Name and DL
*
HB-1660: Name and CCN
*
HB-1660: Name and Password
*
HB-1660: Password dissemination for Web traffic
*
HB-1660: Account and Password
New Jersey
New Jersey A 4001 requires businesses or public entities that are compiling or maintaining computerized data with personal information (PI) to disclose a security breach if the personal information is reasonably believed to be acquired by unauthorized persons. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords. The rules for this policy are:
*
A 4001: SSN with CCN
*
A 4001: CCN with NJ Driver License
*
A 4001: Suspected passwords
*
A 4001: Password dissemination for Web traffic
New York
New York AB 4254 guarantees individuals the right to know what information was exposed during a breach, so that they can take the necessary steps to both prevent and repair any damage incurred. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and New York driver license numbers. The rules for this policy are:
*
AB 4254: Name with CCN
*
AB 4254: Name with New-York driver license
*
AB 4254: Name with SSN
*
AB 4254: SSN with CCN
*
AB 4254: SSN with DNA profile
*
AB 4254: SSN: with NY driver license
North Carolina
North Carolina Identity Theft Protection Act, SB 1048, mandates protection of personal information and requires NC businesses to notify consumers in case of a security breach. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names with social security numbers, NC driver licenses, and credit card numbers. The rules for this policy are:
*
NC SB 1048: Name and SSN
*
NC SB 1048: Name and DL
*
NC SB 1048: Name and CCN
Ohio
Ohio HB 104 mandates that consumers should be notified when electronically-stored personal information is compromised in a way that increases the risk of identity theft. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Ohio driver licenses, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
Ohio HB 104: Name and SSN
*
Ohio HB 104: Name and DL
*
Ohio HB 104: Name and CCN
*
Ohio HB 104: Name and Password
*
Ohio HB 104: Password dissemination for Web traffic
Oklahoma
Oklahoma HB-2357 requires that agencies, individuals, and commercial entities disclose when the security of computerized personal information has been breached. Personal information is considered the consumer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-2357: Name and SSN
*
HB-2357: Name and DL
*
HB-2357: Name and CCN
*
HB-2357: Name and Password
*
HB-2357: Password dissemination for Web traffic
*
HB-2357: Account and Password
Oregon
Oregon Consumer Identity Protection Act (SB 583) requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers.The rules for this policy are:
*
SB 583: Name and SSN
*
SB 583: Name and DL
*
SB 583: Name and CCN
*
SB 583: Name and Password
*
SB 583: Password dissemination for Web traffic
*
SB 583: Account and Password
Pennsylvania
Pennsylvania SB 712 provides for the notification of residents whose personal information data was or may have been disclosed due to a security system breach, and imposes penalties. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, Pennsylvania driver licenses, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 712: Name and SSN
*
SB 712: Name and DL
*
SB 712: Name and CCN
*
SB 712: Name and Password
*
SB 712: Password dissemination for Web traffic
*
SB 712: Account and Password
Rhode Island
Rhode Island HB-6191 requires that agencies, individuals, and commercial entities disclose when the security of computerized personal information has been breached. Personal information is considered the consumer's full name in combination with any of the following: Social Security number, driver's license number, or financial account information. The policy detects combination full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
HB-6191: Name and SSN
*
HB-6191: Name and DL
*
HB-6191: Name and CCN
*
HB-6191: Name and Password
*
HB-6191: Password dissemination for Web traffic
*
HB-6191: Account and Password
Tennessee
Tennessee SB 2220 requires notice of a breach of the security, confidentiality, or integrity of unencrypted, personal information by persons doing business in the state. Personal information is defined as an individual's name, in combination with individual's social security number, driver's license number, or financial account numbers with access passwords. The policy detects combinations of Personally Identifiable Information (PII) like full names, social security numbers, driver's license, and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
SB 2220: Name and SSN
*
SB 2220: Name and DL
*
SB 2220: Name and CCN
*
SB 2220: Name and Password
*
SB 2220: Password dissemination for Web traffic
*
SB 2220: Account and Password
Texas
Texas SB 122 requires that any person that conducts business in Texas and owns or licenses computerized data that includes sensitive Private Information will take reasonable measures to protect it. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Texas driver license numbers.The rules for this policy are:
*
SB 122: SSN: with Texas driver license
*
SB 122: SSN with CCN
*
SB 122: Name with SSN
*
SB 122: Name with Texas driver license
*
SB 122: Name with CCN
*
SB 122: SSN with DNA profile
Utah
Utah SB 69's purpose is to address the integrity of consumer credit databases. It is applicable to any person that conducts business in Utah and maintains PI. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers. Additional rules detect passwords.The rules for this policy are:
*
SB 69: SSN with CCN
*
SB 69: CCN with Utah Driver License
*
SB 69: Suspected passwords
*
SB 69: Password dissemination for Web traffic
*
SB 69: SSN and Account number and Password
Virginia
Virginia SB 307 mandates that consumers should be notified when their personal information is compromised in a way that increases the risk of identity theft or other fraud. The bill also requires covered entities to notify the state attorney general in the case of breaches of personal information of more than 1,000 residents. The policy detects unencrypted combinations of Personally Identifiable Information (PII) like full names, social security numbers, Virginia driver license and credit card numbers. The rules for this policy are:
*
VA SB 307: Name and SSN
*
VA SB 307: Name and DL
*
VA SB 307: Name and CCN
Washington
Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers. The rules for this policy are:
*
SB 6043: SSN: with WA driver license
*
SB 6043: SSN with CCN
*
SB 6043: Name with SSN
*
SB 6043: Name with Washington driver license
*
SB 6043: Name with CCN
*
SB 6043: SSN with DNA profile
Wisconsin
Wisconsin SB 164 requires notice of unauthorized use of personal identifying information. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver license numbers, with sensitive private information like DNA profile or password. The rules for this policy are:
*
SB 164: SSN with CCN
*
SB 164: SSN with Wisconsin DL
*
SB 164: SSN with Account Number
*
SB 164: SSN with PIN Number
*
SB 164: SSN with possible password
*
SB 164: SSN with DNA profile

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > United States of America - State Privacy Regulations
Copyright 2017 Forcepoint. All rights reserved.