Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers : Data Loss Prevention policies : Content Protection
Content Protection
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
Forcepoint DLP includes the following types of content protection policies:
*
Company Confidential and Intellectual Property (IP)
*
Credit Cards
*
Financial Data
*
Protected Health Information (PHI)
*
Personally Identifiable Information (PII)
Company Confidential and Intellectual Property (IP)
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The following predefined policies are available for the detection of company confidential or intellectual property data:
*
Bids and Tenders
Policy for detecting bids, proposals, and tenders, such as responses to request for proposal (RFP) and invitation for bids (IFB) documents.
*
Bids and Tenders (Wide)
*
Bids and Tenders (Default)
*
Bids and Tenders (Narrow)
*
Business and Technical Drawing Files
Policy for detection of business and technical drawing file types. The rules for this policy are:
*
Business and Technical Drawing Files: Abaqus ODB File
*
Business and Technical Drawing Files: Autodesk Design Web File
*
Business and Technical Drawing Files: Autodesk Maya Binary File
*
Business and Technical Drawing Files: Autodesk Maya Textual File
*
Business and Technical Drawing Files: Catia File
*
Business and Technical Drawing Files: Corel Draw File
*
Business and Technical Drawing Files: DWG File
*
Business and Technical Drawing Files: DXF Binary File
*
Business and Technical Drawing Files: DXF Textual File
*
Business and Technical Drawing Files: IGS Textual File
*
Business and Technical Drawing Files: JT File
*
Business and Technical Drawing Files: Microsoft Visio File
*
Business and Technical Drawing Files: Nastran OP2 File
*
Business and Technical Drawing Files: PTC Creo ASM File
*
Business and Technical Drawing Files: PTC Creo DRW File
*
Business and Technical Drawing Files: PTC Creo FRM File
*
Business and Technical Drawing Files: PTC Creo PRT File
*
Business and Technical Drawing Files: Siemens NX PRT File
*
Business and Technical Drawing Files: SolidWorks File
*
Business and Technical Drawing Files: STL Binary File
*
Business and Technical Drawing Files: STL Textual File
*
Business and Technical Drawing Files: STP File
*
Business and Technical Drawing Files: WHIP File
*
Business and Technical Drawing Files: X_T Textual File
*
Confidential Warning
Policy for detection of sensitive text in the header or footer of a document. The rules for this policy are:
*
Confidential in Header or Footer
*
Key Phrases in Header or Footer
*
Dictionary Phrases in Header or Footer
*
Proprietary in Header or Footer
*
Confidential Warning (Arabic)
The policy detect secret or confidential documents by identifying "confidential" terms in English or Arabic, such as "Confidential" or "سري ", in the Header or the Footer of Office documents. The rule for this policy is:
*
Confidential Arabic in Header or Footer
*
Digitally Signed PDF Files
Policy for detection of digitally signed PDF files. The rule for this policy is:
*
Digitally Signed PDF File (Native)
*
Energy
Policies for detection of sensitive data in the Oil and Gas industry and, in particular, information pertaining to oil prospecting and drilling.
*
Petroleum and Gas-Sensitive Information
Detect leakage of sensitive data in the Oil and Gas industry and, in particular, information pertaining to oil prospecting and drilling. The rules for this policy are:
*
Petroleum and Gas-Sensitive Information: CAD Files: DWG File
*
Petroleum and Gas-Sensitive Information: CAD Files: DXF Binary File
*
Petroleum and Gas-Sensitive Information: CAD Files: DXF Textual File
*
Petroleum and Gas-Sensitive Information: CAD Files: IGS Textual File
*
Petroleum and Gas-Sensitive Information: CAD Files: JT File
*
Petroleum and Gas-Sensitive Information: CAD Files: PTC Creo ASM File
*
Petroleum and Gas-Sensitive Information: CAD Files: PTC Creo DRW File
*
Petroleum and Gas-Sensitive Information: CAD Files: PTC Creo FRM File
*
Petroleum and Gas-Sensitive Information: CAD Files: PTC Creo PRT File
*
Petroleum and Gas-Sensitive Information: CAD Files: SolidWorks File
*
Petroleum and Gas-Sensitive Information: CAD Files: STL Binary File
*
Petroleum and Gas-Sensitive Information: CAD Files: STL Textual File
*
Petroleum and Gas-Sensitive Information: CAD Files: STP File
*
Petroleum and Gas-Sensitive Information: CAD Files: WHIP File
*
Petroleum and Gas-Sensitive Information: CAD Files: X_T Textual File
*
Petroleum and Gas-Sensitive Information: Disclaimer
*
Petroleum and Gas-Sensitive Information: Form 567
*
Petroleum and Gas-Sensitive Information: Form 715
*
Petroleum and Gas-Sensitive Information: Latitude-Longitude Location Coordinates
*
Petroleum and Gas-Sensitive Information: Logs and Survey Reports
*
Petroleum and Gas-Sensitive Information: Microsoft Visio
*
Petroleum and Gas-Sensitive Information: Petroleum File Extension
*
Petroleum and Gas-Sensitive Information: Pipeline Flow Diagram
*
Petroleum and Gas-Sensitive Information: Prospecting Related Term
*
Smart Power Grids / SCADA
Policy for promoting protection of sensitive information pertaining smart power grids and supervisory control and data acquisition (SCADA) systems. The rules for this policy are:
*
Smart Power Grids: Confidential in Header or Footer
*
Smart Power Grids: Proprietary in Header or Footer
*
Smart Power Grids: C family or Java (default)
*
Smart Power Grids: C family or Java (wide)
*
Smart Power Grids: Software Design Documents with SCADA terms
*
Smart Power Grids: CAD Files: STL Textual File
*
Smart Power Grids: CAD Files: STL Binary File
*
Smart Power Grids: CAD Files: STP File
*
Smart Power Grids: CAD Files: IGS text Format
*
Smart Power Grids: CAD Files: X_T text Format
*
Smart Power Grids: Executable or Link Library
*
Smart Power Grids: Microsoft Visio File
*
Smart Power Grids: Python (Default)
*
Smart Power Grids: Python (Wide)
*
Smart Power Grids: XML with SCADA terms
*
Smart Power Grids: Spreadsheets with SCADA terms
*
License Keys
Policy to identify Microsoft license keys. The policy helps mitigate software piracy and unauthorized usage of corporate assets. The rule for this policy is:
*
Microsoft license keys
*
Media
Policies for detection of sensitive data in the Media industry.
*
Movie manuscripts
Policy for detection of movie and TV scripts dissemination. The rule for this policy is:
*
Movie and TV Manuscripts
*
Mergers and acquisitions
Policy for detection of information suspected to be related to mergers and acquisitions. The rules for this policy are:
*
Mergers and Acquisitions information
*
Mergers and Acquisitions information (narrow)
*
Mergers and Acquisitions for Discovery
Policy for detection of information suspected to be related to mergers and acquisitions. The rule for this policy is:
*
Mergers and Acquisitions information
*
Network Security Information
Policy for detection of network security documents and network diagrams. This policy detects network diagrams by searching for IP addresses, MAC addresses and various terms common to such documents. In order to achieve complete coverage, first 2 rules and one of the MAC address rules must be selected. The rules for this policy are:
*
Network Information and Security
*
Network Information and Security
*
MAC Addresses (Wide)
*
MAC Addresses (Default)
*
MAC Addresses (narrow)
*
Patents
Policy for detection of patents and patent applications. The rule for this policy is:
*
Patents detection
*
Project Documents
Policy for detection of project document in traffic. This may cause false positives. The rule for this policy is:
*
Project Document
*
Security Software Files
Policy for detection of security software files. The rule for this policy is:
*
Security Software Files: Splunk Enterprise Security Event Log
*
Software Source Code and Design
Policies for detection of source codes and software design documents.
*
Software Design Documents
Policy for detection of software design documents in traffic. The rules for this policy are:
*
Software Design Documents
*
Software Source Code
Policy for detection of software source code. The rule for this policy is:
*
Software Source Code: C family or Java (Default)
*
Software Source Code: C family or Java (Wide)
*
Software Source Code: C family or Java (By file extension)
*
Software Source Code: F# Source (By content)
*
Software Source Code: F# Source (By file extension)
*
Software Source Code: Perl Source (By content)
*
Software Source Code: Perl Source (By file extension)
*
Software Source Code: Python (Default)
*
Software Source Code: Python (Wide)
*
Software Source Code: x86 Assembly Source Code
*
SPICE Source Code
Policy for detection of integrated circuits design source code in SPICE (Simulation Program with Integrated Circuits Emphasis). This may cause false positives. the rules for this policy are:
*
SPICE Source code (Berkeley version)
*
SPICE Source code
*
SQL Queries Detection
Policy for detection of SQL and Oracle queries and database. This may cause false positives. the rules for this policy are:
*
SQL Detection (Wide)
*
SQL Detection (Default)
*
SQL Detection (Narrow)
*
Verilog Source Code
Policy for detection of Verilog source code dissemination. This policy is comprised of 2 rules, each covering a different aspect of the detected texts. In order to achieve complete coverage, all rules must be selected. This may cause false positives. The rules for this policy are:
*
Verilog Source code 1
*
Verilog Source code 2
*
VHDL Source Code
Policy for detection of source code dissemination in VHDL, used mainly for hardware design. This may cause false positives. The rule for this policy is:
*
VHDL Source Code
*
Visual Basic Source Code
Policy for detection of Visual Basic source code. This may produce a false positive. The rules for this policy are:
*
Visual Basic Source Code (Wide)
*
Visual Basic Source Code (Default)
*
Visual Basic Source Code (Narrow)
*
Strategic Business Documents
Policy for detection of documents of prime strategic value, such as business and marketing plans. The rule for this policy is:
*
Strategic Business Documents (Wide)
*
Strategic Business Documents (Narrow)
*
Strategic Business Documents (Default)
*
Telecom
Policies for detection of sensitive data in the Telecom industry.
*
Call Detail Record
Policy for detection of Call Detail Records (CDRs) in traffic. The rule for this policy is:
*
CDR: Suspected Call details rows
*
CDR: Suspected Call details headers
*
IMEI
Policy for detection of serial (IMEI) numbers of cell phones. The International Mobile Equipment Identity (IMEI) is a number unique to every GSM and UMTS and iDEN mobile phone as well as some satellite phones. It is usually found printed on the phone underneath the battery. The rule for this policy is:
*
IMEI: Wide
*
IMEI: Default
*
IMEI: with proximity
*
Location Coordinates
Policy for detection of location coordinates. The rule for this policy is:
*
Latitude-Longitude Location Coordinates
*
UTM Location Coordinates
Credit Cards
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The following predefined policies are available for the detection of credit card information:
*
Credit Card Magnetic Strips
Policy for detection of electronic data from credit card strips. The rules for this policy are:
*
Credit Card Magnetic Strips
*
Credit Card Magnetic Strips: Track 1
*
Credit Card Magnetic Strips: Track 2
*
Credit Card Magnetic Strips: Track 3
*
Credit Cards
Policy for detection of credit card numbers. The rules for this policy are:
*
All CCN for Printer Agent: All in one
*
Credit Cards: American Express
*
Credit Cards: Bancard
*
Credit Cards: Diners
*
Credit Cards: Discover
*
Credit Cards: EnRoute
*
Credit Cards: JCB 1st Format
*
Credit Cards: JCB 2nd Format
*
Credit Cards: Maestro, Switch or Solo
*
Credit Cards: MasterCard
*
Credit Cards: RuPay
*
Credit Cards: Visa
*
Credit Cards: Visa 13 Digits (Obsolete)
*
Credit Cards: Credit Card Number (Wide Minus Default)
*
Credit Cards: Credit Card Number (Wide)
*
Credit Cards: Credit Card Number (Default)
*
Credit Cards: Credit Card Number (Narrow)
*
Credit Cards: User-Defined IIN (Wide)
*
Credit Cards: User-Defined IIN (Default)
*
Credit Cards: User-Defined IIN (Narrow)
*
Credit Cards for Printer Agent
Policy for detection of credit card numbers, obtained from using the printer agent OCR. The rules take into account possible errors that may be induced by the OCR software. The rule for this policy is:
*
All CCN for Printer Agent: All in one
*
European Credit Cards
All Policy for detection of credit card numbers prevalent in Europe. The rule for this policy is:
*
European Credit Cards: All Credit Cards
*
Israeli Credit Cards
Policy for detection of credit card numbers prevalent in Israel. The rule for this policy is:
*
CCN Israel: All Credit Cards
*
CCN Israel: All Credit Cards (Wide)
*
CCN Israel: American Express
*
CCN Israel: MasterCard
*
CCN Israel: Visa
*
CCN Israel: Diners
*
CCN Israel: Discover
*
CCN Israel: IsraCard (Default)
*
CCN Israel: IsraCard (Wide)
*
Japanese Credit Cards
Policy for detection of credit card numbers prevalent in Japan. The rule for this policy is:
*
Japanese Credit Cards: All Credit Cards
*
US Credit Cards
Policy for detection of credit card numbers prevalent in the US. The rule for this policy is:
*
US Credit Cards: All Credit Cards
Financial Data
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The following predefined policies are available for the detection of financial information:
*
401(k) and 403(b) forms
Policy for detection of 401(k) and 403(b) form that contain private information of employees. The rules for this policy are:
*
401(k) form (Wide)
*
401(k) form (Default)
*
401(k) form (Narrow)
*
403(b) form (Default)
*
403(b) form (Wide)
*
403(b) form (Narrow)
*
Austria Finance
Policy for detection of Austrian financial information. The rules for this policy are:
*
Austria Finance: Austrian IBAN (default)
*
Austria Finance: Austrian IBAN (wide)
*
Belgium Finance
Policy for detection of Belgian financial information. The rules for this policy are:
*
Belgium Finance: Belgian IBAN (default)
*
Belgium Finance: Belgian IBAN (wide)
*
Brazil Finance
Policy for detection of Brazilian financial information. The rules for this policy are:
*
Brazil Finance: Brazilian IBAN (default)
*
Brazil Finance: Brazilian IBAN (wide)
*
Bulgaria Finance
Policy for detection of Bulgarian financial information. The rules for this policy are:
*
Bulgaria Finance: Bulgarian IBAN (Default)
*
Bulgaria Finance: Bulgarian IBAN (Wide)
*
Croatia Finance
Policy for detection of Croatian financial information. The rules for this policy are:
*
Croatia Finance: Croatian IBAN (Default)
*
Croatia Finance: Croatian IBAN (Wide)
*
Cyprus Finance
Policy for detection of Cypriot financial information. The rules for this policy are:
*
Cyprus Finance: Cypriot IBAN (Default)
*
Cyprus Finance: Cypriot IBAN (Wide)
*
Czech Republic Finance
Policy for detection of Czech financial information. The rules for this policy are:
*
Czech Republic Finance: Czech IBAN (default)
*
Czech Republic Finance: Czech IBAN (wide)
*
Denmark Finance
Policy for detection of Danish financial information. The rules for this policy are:
*
Danish IBANRule (Default)
*
Denmark Finance: Danish IBAN (wide)
*
Estonia Finance
Policy for detection of Estonian financial information. The rules for this policy are:
*
Estonia Finance: Estonian IBAN (default)
*
Estonia Finance: Estonian IBAN (wide)
*
Financial Information
Policy for detection of general, personal, and investment financial information in traffic. The rules for this policy are:
*
Financial Information -Personal
*
Financial Information -Investment
*
Financial Information -General
*
Financial Information in Chinese
Policy for detection of financial information in Chinese. The rules for this policy are:
*
Financial Information in Chinese (Wide)
*
Financial Information in Chinese (Default)
*
Financial Information in Chinese (Narrow)
*
Finland Finance
Policy for detection of Finnish financial information. The rules for this policy are:
*
Finland Finance: Finnish IBAN (default)
*
Finland Finance: Finnish IBAN (wide)
*
France Finance
Policy for detection of French financial information. The rules for this policy are:
*
France Finance: French IBAN (default)
*
France Finance: French IBAN (wide)
*
Germany Finance
Policy for detection of German financial information. The rules for this policy are:
*
Germany Finance: German IBAN (default)
*
Germany Finance: German IBAN (wide)
*
Greece Finance
Policy for detection of Greek financial information. The rules for this policy are:
*
Greece Finance: Greece IBAN (default)
*
Greece Finance: Greece IBAN (wide)
*
Hungary Finance
Policy for detection of Hungarian financial information. The rules for this policy are:
*
Hungary Finance: Hungarian IBAN (default)
*
Hungary Finance: Hungarian IBAN (wide)
*
Iceland Finance
Policy for detection of Icelandic financial information. The rules for this policy are:
*
Iceland Finance: Icelandic IBAN (default)
*
Iceland Finance: Icelandic IBAN (wide)
*
Ireland Finance
Policy for detection of Irish financial information. The rules for this policy are:
*
Ireland Finance: Irish IBAN (default)
*
Ireland Finance: Irish IBAN (wide)
*
Ireland Finance: Irish Bank Account
*
IRS Tax Forms
Policy for detection of IRS Tax Forms; for example, Form W-2, Form W-4, and Form 1040. The rules for this policy are:
*
IRS Tax Forms: Form 1040 and Form 1040A (Wide)
*
IRS Tax Forms: Form 1040 and Form 1040A (Default)
*
IRS Tax Forms: Form 1040 and Form 1040A (Narrow)
*
IRS Tax Forms: Form 1040EZ (Wide)
*
IRS Tax Forms: Form 1040EZ (Default)
*
IRS Tax Forms: Form 1040EZ (Narrow)
*
IRS Tax Forms: Form W-2
*
IRS Tax Forms: Form W-4 (Wide)
*
IRS Tax Forms: Form W-4 (Default)
*
IRS Tax Forms: Form W-4 (Narrow)
*
IRS Tax Forms: Form W-4P (Wide)
*
IRS Tax Forms: Form W-4P (Default)
*
IRS Tax Forms: Form W-4P (Narrow)
*
IRS Tax Forms: Form W-4V (Wide)
*
IRS Tax Forms: Form W-4V (Default)
*
IRS Tax Forms: Form W-4V (Narrow)
*
IRS Tax Forms: Form W-9 (Wide)
*
IRS Tax Forms: Form W-9 (Default)
*
IRS Tax Forms: Form W-9 (Narrow)
*
IRS Tax Forms: Form W-9S (Wide)
*
IRS Tax Forms: Form W-9S (Default)
*
IRS Tax Forms: Form W-9S (Narrow)
*
ISIN and CUSIP
Policy for detection of International Securities Identification Number (ISIN), which uniquely identifies a security. The ISIN code is a 12-character alphanumerical code that serves as uniform identification of a security at trading and settlement. The rules for this policy are:
*
ISIN number - wide
*
ISIN number - default
*
CUSIP Numbers (default)
*
CUSIP Numbers (wide)
*
Israeli Bank Accounts
Policy for identifying Israeli bank account numbers in traffic. The rules for this policy are:
*
IL BANK: General Bank Account Numbers
*
IL BANK: Leumi Bank Account Numbers
*
IL BANK: Leumi Bank Account Numbers no support
*
IL BANK: Poalim Bank Account Numbers
*
IL BANK: Discount Bank Account Numbers
*
IL BANK: Mizrahi Bank Account Numbers
*
IL BANK: BenLeumi Bank Account Numbers
*
IL BANK: HaDoar Bank Account Numbers
*
Italy Finance
Policy for detection of Italian financial information. The rules for this policy are:
*
Italy Finance: Italian IBAN (default)
*
Italy Finance: Italian IBAN (wide)
*
Kazakhstan Finance
Policy for detection of Kazakh financial information. The rules for this policy are:
*
Kazakhstan Finance: Kazakh IBAN (default)
*
Kazakhstan Finance: Kazakh IBAN (wide)
*
Latvia Finance
Policy for detection of Latvian financial information. The rules for this policy are:
*
Latvia Finance: Latvian IBAN (Default)
*
Latvia Finance: Latvian IBAN (Wide)
*
Lithuania Finance
Policy for detection of Lithuanian financial information. The rules for this policy are:
*
Lithuania Finance: Lithuanian IBAN (Default)
*
Lithuania Finance: Lithuanian IBAN (Wide)
*
Luxembourg Finance
Policy for detection of Luxembourgian financial information. The rules for this policy are:
*
Luxembourg Finance: Luxembourgian IBAN (default)
*
Luxembourg Finance: Luxembourgian IBAN (wide)
*
Malta Finance
Policy for detection of Maltese financial information. The rules for this policy are:
*
Malta Finance: Maltese IBAN (Default)
*
Malta Finance: Maltese IBAN (Wide)
*
Mexico Finance
Policy for detection of Mexican financial information. The rules for this policy are:
*
Mexico Finance: Standardized Bank Code (CLABE) (Wide)
*
Mexico Finance: Standardized Bank Code (CLABE) (Default)
*
Netherlands Finance
Policy for identifying Dutch financial information. The rules for this policy are:
*
Netherlands Finance: Netherlands IBAN (default)
*
Netherlands Finance: Netherlands IBAN (wide)
*
Norway Finance
Policy for identifying Norwegian financial information. The rules for this policy are:
*
Norway Finance: Norwegian IBAN (default)
*
Norway Finance: Norwegian IBAN (wide)
*
People's Republic of China Finance
Policy for detection of PRC financial information. The rules for this policy are
*
People's Republic of China Finance: Union Pay Credit Card (wide)
*
People's Republic of China Finance: Union Pay Credit Card (default)
*
People's Republic of China Finance: Union Pay Credit Card (narrow)
*
People's Republic of China Finance: Financial cards Track1
*
People's Republic of China Finance: Financial cards Track2 rule for detecting bank card magnetic stripe Track2
*
People's Republic of China Finance: Financial cards Track3
*
People's Republic of China Finance: Business Registration Number - 15 digits (wide)
*
People's Republic of China Finance: Business Registration Number - 15 digits (default)
*
People's Republic of China Finance: Business Registration Number - 15 digits (narrow)
*
People's Republic of China Finance: Credit Card (Wide)
*
People's Republic of China Finance: Credit Card (Default)
*
People's Republic of China Finance: Credit Card (Narrow)
*
Poland Finance
Policy for detection of Polish financial information. The rules for this policy are:
*
Poland Finance: Polish IBAN (wide)
*
Poland Finance: Polish IBAN (default)
*
Poland Finance: IBAN and Name
*
Portugal Finance
Policy for detection of Portuguese financial information. The rules for this policy are:
*
Portugal Finance: Portuguese IBAN (Default)
*
Portugal Finance: Portuguese IBAN (Wide)
*
Pricing Information
Policy for detection of pricing information and pricelists in traffic. The rules for this policy are:
*
Pricing Information 1
*
Pricing Information 2
*
Pricing Information 3
*
Qatar Finance
Policy for detection of Qatari financial information. The rules for this policy are:
*
Qatar Finance: Qatari IBAN (default)
*
Qatar Finance: Qatari IBAN (wide)
*
Romania Finance
Policy for detection of Romanian financial information. The rules for this policy are:
*
Romania Finance: Romanian IBAN (default)
*
Romania Finance: Romanian IBAN (wide)
*
RTN/ABA Numbers
Policy for detection of Routing Transit Numbers (RTN), also known as American Bankers Association (ABA) numbers. RTN numbers are nine digit bank codes, used in the United States to identify, for example, which financial institution checks and banknotes are drawn upon. The rules for this policy are:
*
RTN/ABA: Wide
*
RTN/ABA: Default
*
RTN/ABA: Narrow
*
Saudi Arabia Finance
Policy for detection of Saudi Arabia financial information. The rules for this policy are:
*
Saudi Arabia Finance: Saudi Arabia IBAN (default)
*
Saudi Arabia Finance: Saudi Arabia IBAN (wide)
*
Slovakia Finance
Policy for detection of Slovak financial information. The rules for this policy are:
*
Slovakia Finance: Slovak IBAN (default)
*
Slovakia Finance: Slovak IBAN (wide)
*
Slovenia Finance
Policy for detection of Slovenian financial information. The rules for this policy are:
*
Slovenia Finance: Slovene IBAN (Default)
*
Slovenia Finance: Slovene IBAN (Wide)
*
Spain Finance
Policy for detection of Spanish financial information. The rules for this policy are:
*
Spanish IBAN rule for detecting Spanish IBANs (default)
*
Spanish IBAN rule for detecting Spanish IBANs (wide)
*
Sweden Finance
Policy for detection of Swedish financial information. The rules for this policy are:
*
Sweden Finance: Swedish IBAN (default)
*
Sweden Finance: Swedish IBAN (wide)
*
Switzerland Finance
Policy for detection of Swiss financial information. The rules for this policy are:
*
Switzerland Finance: Swiss IBAN (default)
*
Switzerland Finance: Swiss IBAN (wide)
*
Turkey Finance
Policy for detection of Turkish financial information. The rules for this policy are:
*
Turkey Finance: Turkish IBAN (Default)
*
Turkey Finance: Turkish IBAN (Wide)
*
Turkey Finance: Turkish Tax IDs (Wide)
*
Turkey Finance: Turkish Tax IDs (Default)
*
UK Finance
Policy for detection of UK financial information. The rules for this policy are:
*
UK Finance: UK IBAN (default)
*
UK Finance: UK IBAN (wide)
*
United Arab Emirates Finance
Policy for detection of Emirati financial information. The rules for this policy are:
*
United Arab Emirates Finance: Emirati IBAN (default)
*
United Arab Emirates Finance: Emirati IBAN (wide)
Protected Health Information (PHI)
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
*
Australian PHI
Policy for detection of protected health information for Australian citizens. The rules for this policy are:
*
Australia PHI: Australia Medicare and Sensitive Disease or Drug
*
Australia PHI: Australia Medicare and Common Medical Condition
*
Australia PHI: DICOM
*
Australia PHI: SPSS Text File
*
Health Data
Policy for detection of data types pertaining to medical conditions, drugs etc. The rules for this policy are:
*
Health Data: Credit cards and Common Medical Condition
*
Health Data: Credit Card and Sensitive Disease or Drug
*
Health Data: DICOM
*
Health Data: DNA Profile (Default)
*
Health Data: DNA Profile (Narrow)
*
Health Data: DOB and Name
*
Health Data: ICD9 Code
*
Health Data: ICD9 Code and Description
*
Health Data: ICD9 Code and Name
*
Health Data: ICD9 Description and Name
*
Health Data: ICD10 Code
*
Health Data: ICD10 Code and Description
*
Health Data: ICD10 Code and Name
*
Health Data: ICD10 Descriptions and Name
*
Health Data: Medical Form (Default)
*
Health Data: Medical Form (Narrow)
*
Health Data: Medical Form (Wide)
*
Health Data: Name and Common Medical Condition (Default)
*
Health Data: Name and Common Medical Condition (Narrow)
*
Health Data: Name and Sensitive Disease or Drug (Default)
*
Health Data: Name and Sensitive Disease or Drug (Narrow)
*
Health Data: NDC Number (Wide)
*
Health Data: NDC Number (Default)
*
Health Data: NDC Number (Narrow)
*
Health Data: SPSS Text File
*
Israel PHI
Policy for detection of protected health information for Israeli citizens, to promote compliance with Israeli privacy rules and Israeli patients rights law of 1996. The rules for this policy are:
*
Israel PHI: DICOM
*
Israel PHI: Identity Number and General Medical Information
*
Israel PHI: Identity Number and Sensitive Medical Information
*
Israel PHI: Name and General Medical Information
*
Israel PHI: Name and Sensitive Medical Information
*
Israel PHI: SPSS Text File
*
Italy PHI
Policy for detection of protected health information for Italy citizens. The rules for this policy are:
*
Italy PHI: Codice Fiscale and Health Information
*
Italy PHI: DICOM
*
Italy PHI: Name and Health Information
*
Italy PHI: SPSS Text File
*
Norway PHI
Policy for detection of protected health information for Norwegian citizens. The rules for this policy are:
*
Norway PHI: DICOM
*
Norway PHI: ICD10 Code
*
Norway PHI: ICD10 Code and Description
*
Norway PHI: ICD10 Code and First Name
*
Norway PHI: ICD10 Code and Full Name
*
Norway PHI: ICD10 Code and Last Name
*
Norway PHI: ICD10 Code and Personal number
*
Norway PHI: ICD10 Code and PIN
*
Norway PHI: ICD10 Description
*
Norway PHI: Name and Health Information
*
Norway PHI: Personal Number and Health Information
*
Norway PHI: SPSS Text File
*
Sweden PHI
A policy for detection of protected health information (PHI) of Swedish citizens and residents. The policy comprises rules for detection of Health information and Medical Conditions (in Swedish or English), in proximity to personally identifiable information such as personal number (personnummer), or name. The rules for this policy are:
*
Sweden PHI: DICOM
*
Sweden PHI: DNA Profile
*
Sweden PHI: ICD10 Code
*
Sweden PHI: ICD10 Code and Description
*
Sweden PHI: ICD10 Description
*
Sweden PHI: ICD10 Code and Name (Wide)
*
Sweden PHI: ICD10 Code and Name (Default)
*
Sweden PHI: ICD10 Code and Name (Narrow)
*
Sweden PHI: ICD10 Code and Personal Number
*
Sweden PHI: Name and Health Information
*
Sweden PHI: Name and Sensitive Disease or Drug
*
Sweden PHI: Personal Number and Health Information
*
Sweden PHI: Personal Number and Sensitive Disease or Drug
*
Sweden PHI: SPSS Text File
*
UK PHI
Policy for detection of UK protected health information.The rules for this policy are
*
UK PHI: DICOM
*
UK PHI: NHS Number (Wide)
*
UK PHI: NHS Number (Default)
*
UK PHI: NHS Number (Narrow)
*
UK PHI: SPSS Text File
*
US PHI
A policy for detection of protected health information of US citizens. The rules for this policy are
*
US PHI: DICOM
*
US PHI: Medical Form (Wide)
*
US PHI: Medical Form (Default)
*
US PHI: Medical Form (Narrow)
*
US PHI: Name and Common Medical Condition (Default)
*
US PHI: Name and Common Medical Condition (Narrow)
*
US PHI: Name and HICN
*
US PHI: Name and MBI (Default)
*
US PHI: Name and MBI (Wide)
*
US PHI: Name and Sensitive Disease or Drug (Default)
*
US PHI: Name and Sensitive Disease or Drug (Narrow)
*
US PHI: SPSS Text File
*
US PHI: SSN and Sensitive Disease or Drug
*
US PHI: SSN and Common Medical Condition
Personally Identifiable Information (PII)
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The following predefined policies are available for the detection of private information:
*
Australia PII
Policy for detection of Australian private information. The rules for this policy are:
*
Australia PII: Credit File (Wide)
*
Australia PII: Credit File (Default)
*
Australia PII: Credit File (Narrow)
*
Australia PII: Driver License Number and Name
*
Australia PII: Email Address and Password (Wide)
*
Australia PII: Email Address and Password (Default)
*
Australia PII: Tax File Number (Wide)
*
Australia PII: Tax File Number (Default)
*
Austria PII
Policy for detection of Austrian private information. The rules for this policy are:
*
Austria PII: CCN and Name
*
Austria PII: Crime and Name
*
Austria PII: Email Address and Password (Wide)
*
Austria PII: Email Address and Password (Default)
*
Austria PII: Ethnicity and Name
*
Austria PII: Sensitive Disease and Name
*
Austria PII: Social Security Number (Wide)
*
Austria PII: Social Security Number (Default)
*
Austria PII: Social Security Number and Name (Wide)
*
Austria PII: Social Security Number and Name (Default)
*
Belgium PII
Policy for detection of Belgian private information. The rules for this policy are:
*
Belgium PII: Email Address and Password (Wide)
*
Belgium PII: Email Address and Password (Default)
*
Belgium PII: ID Card Number
*
Belgium PII: Name and ID Card Number (Wide)
*
Belgium PII: Name and ID Card Number (Default)
*
Belgium PII: Name and Passport Number (Wide)
*
Belgium PII: Name and Passport Number (Default)
*
Belgium PII: Passport Number
*
Biometric Files
Policy for detection of biometric files. The rules for this policy are:
*
Biometric Files: NIEM-Conformant XML
*
Biometric Files: OASIS XML Common Biometric Format (XCBF)
*
Bosnia and Herzegovina PII
Policy for detection of Unique Master Citizen Numbers. The rules for this policy are:
*
Bosnia and Herzegovina PII: Unique Master Citizen Number (Wide)
*
Bosnia and Herzegovina PII: Unique Master Citizen Number (Default)
*
Brazil PII
Policy for detection of Brazilian private information. The rules for this policy are:
*
Brazil PII: Name and CPF
*
Brazil PII: Name and Sensitive Disease
*
Brazil PII: CPF and Sensitive Disease
*
Brazil PII: Email Address and Password (Wide)
*
Brazil PII: Email Address and Password (Default)
*
Brazil PII: Identity Card Number (Default)
*
Brazil PII: Identity Card Number (Narrow)
*
Brazil PII: National Register of Legal Entities Number (Wide)
*
Brazil PII: National Register of Legal Entities Number (Default)
*
Bulgaria PII
Policy for detection of Bulgarian private information. The rules for this policy are:
*
Bulgaria PII: Unified Civil Number (Wide)
*
Bulgaria PII: Unified Civil Number (Default)
*
Canada PII
Policy for detection of Canadian private information. The rules for this policy are:
*
Canada PII: Credit File (Wide)
*
Canada PII: Credit File (Default)
*
Canada PII: Credit File (Narrow)
*
Canada PII: Email Address and Password (Wide)
*
Canada PII: Email Address and Password (Default)
*
Canada PII: SIN
*
Canada PII: SIN and Name (Default)
*
Canada PII: SIN and Name (Narrow)
*
Canada PII: Name and Alberta Driver's License Number
*
Canada PII: Name and British Columbia Driver's License Number
*
Canada PII: Name and Manitoba Driver's License Number
*
Canada PII: Name and New Brunswick Driver's License Number
*
Canada PII: Name and Newfoundland and Labrador Driver's License Number
*
Canada PII: Name and Nova Scotia Driver's License Number
*
Canada PII: Name and Ontario Driver's License Number
*
Canada PII: Name and Prince Edward Island Driver's License Number
*
Canada PII: Name and Quebec Driver's License Number
*
Canada PII: Name and Saskatchewan Driver's License Number
*
Chile PII
Policy for detection of Chilean private information. The rules for this policy are:
*
Chile PII: Email Address and Password (Wide)
*
Chile PII: Email Address and Password (Default)
*
Chile PII: National Identity Number (RUN/RUT) (Wide)
*
Chile PII: National Identity Number (RUN/RUT) (Default)
*
Colombia PII
Policy for detection of Colombian private information. The rules for this policy are:
*
Colombia PII: Email Address and Password (Wide)
*
Colombia PII: Email Address and Password (Default)
*
Colombia PII: Identification Number (Wide)
*
Colombia PII: Identification Number (Default)
*
Costa Rica PII
Policy for detection of Costa Rican private information. The rules for this policy are:
*
Costa Rica PII: Email Address and Password (Wide)
*
Costa Rica PII: Email Address and Password (Default)
*
Costa Rica PII: Identification Number (Default)
*
Costa Rica PII: Identification Number (Narrow)
*
Costa Rica PII: Legal Identification Number (Default)
*
Costa Rica PII: Legal Identification Number (Narrow)
*
Croatia PII
Policy for detection of Unique Master Citizen Numbers and Personal identification numbers. The rules for this policy are:
*
Croatia PII: Unique Master Citizen Number (Wide)
*
Croatia PII: Unique Master Citizen Number (Default)
*
Croatia PII: Personal identification number (Wide)
*
Croatia PII: Personal identification number (Default)
*
Cyprus PII
Policy for detection of Cypriot private information. The rules for this policy are:
*
Cyprus PII: Tax Identification Code (Wide)
*
Cyprus PII: Tax Identification Code (Default)
*
Czech Republic
Policy for detection of Czech Republic private information. The rules for this policy are:
*
Czech Republic PII: Email Address and Password (Wide)
*
Czech Republic PII: Email Address and Password (Default)
*
Czech Republic PII: Rodne Cislo (Wide)
*
Czech Republic PII: Rodne Cislo (Default)
*
Denmark PII
Policy for detection of Danish private information. The rules for this policy are:
*
Denmark PII: CPR Number and Name - Wide
*
Denmark PII: CPR Number and Name - Default
*
Denmark PII: CPR Number and Name - Narrow
*
Denmark PII: CPR Number (Wide)
*
Denmark PII: CPR Number (Default)
*
Denmark PII: CPR Number (Narrow)
*
Denmark PII: Email Address and Password (Wide)
*
Denmark PII: Email Address and Password (Default)
*
EIN
Policy for detection of Employer Identification Numbers (EIN). The rule for this policy is:
*
Rule for detecting EIN (Employer Identification Numbers).
*
Email Addresses
Policy for detection of email addresses in email body or attachments. The rules for this policy are:
*
Email: Multiple Recipients
*
Email: Multiple Recipients with different domains
*
Email: Multiple Email addresses
*
Email: Multiple Email addresses with different domains
*
Estonia PII
Policy for detection of Estonian private information. The rules for this policy are:
*
Estonia PII: Personal Identification Code (Wide)
*
Estonia PII: Personal Identification Code (Default)
*
Finland PII
Policy for detection of Finnish private information. The rules for this policy are:
*
Finland PII: Email Address and Password (Wide)
*
Finland PII: Email Address and Password (Default)
*
Finland PII: Social Security Number (Wide)
*
Finland PII: Social Security Number (Default)
*
France PII
Policy for detection of French private information.The rules for this policy are:
*
France PII: Credit Card Number and Name
*
France PII: Email Address and Password (Wide)
*
France PII: Email Address and Password (Default)
*
France PII: Name and Sensitive Disease
*
France PII: Name and INSEE Code
*
France PII: Name and Social Security Number (NIR)
*
France PII: National Identity Card Number (CNI) (Default)
*
France PII: National Identity Card Number (CNI) (Narrow)
*
France PII: Social Security Number (NIR) (Default)
*
France PII: Social Security Number (NIR) (Wide)
*
Germany PII
Policy for detection of German private information. The rules for this policy are:
*
Germany PII: Credit Card Number and Name
*
Germany PII: Email Address and Password (Wide)
*
Germany PII: Email Address and Password (Default)
*
Germany PII: Ethnicity and Name
*
Germany PII: Sensitive Disease and Name
*
Germany PII: Crime and Name h.
*
Greece PII
Policy for detection of Greek private information. The rules for this policy are:
*
Greece PII: AFM Number (Default)
*
Greece PII: AFM Number (Wide)
*
Greece PII:AFM Number and Name (Default)
*
Greece PII: AFM Number and Name (Wide)
*
Greece PII: Email Address and Password (Wide)
*
Greece PII: Email Address and Password (Default)
*
Greece PII: ID Number (Default)
*
Greece PII: ID Number and Name (Default)
*
Greece PII: ID Number and Name (Wide)
*
Greece PII: Sensitive Medical Information and Name (Wide)
*
Greece PII: Sensitive Medical Information and Name (Default)
*
Hong Kong PII
Policy for detection of Hong Kong private information. The rules for this policy are:
*
Hong Kong PII: Email Address and Password (Wide)
*
Hong Kong PII: Email Address and Password (Default)
*
Hong Kong PII: ID Number (Wide)
*
Hong Kong PII: ID Number (Default)
*
Hong Kong PII: ID Number (Narrow)
*
Hong Kong PII: ID Number and Address (Wide)
*
Hong Kong PII: ID Number and Address (Default)
*
Hong Kong PII: ID Number and Address (Narrow)
*
Hong Kong PII: ID Number and Surname (Wide)
*
Hong Kong PII: ID Number and Surname (Default)
*
Hong Kong PII: Hong Kong ID (formal form) and Common Surname
*
Hong Kong PII: ID Number, Surname and Address (Wide)
*
Hong Kong PII: ID Number, Surname and Address (Default)
*
Hong Kong PII: ID Number, Surname and Address (Narrow)
*
Hong Kong PII: Surname and Address (Wide)
*
Hong Kong PII: Surname and Address (Default)
*
Hong Kong PII: Surname and Address (Narrow)
*
Hungary PII
Policy for detection of Hungarian private information. The rules for this policy are:
*
Hungary PII: Hungarian Szemelyi Azonosito Szam (Wide)
*
Hungary PII: Hungarian Szemelyi Azonosito Szam (Default)
*
Hungary PII: Hungarian TAJ szam (Wide)
*
Hungary PII: Hungarian TAJ szam (Default)
*
Hungary PII: Hungarian Adoazonosito jel (Wide)
*
Hungary PII: Hungarian Adoazonosito jel (Default)
*
Iceland PII
Policy for detection of Icelandic private information. The rules for this policy are:
*
Iceland PII: Kennitala of Individuals (Default)
*
Iceland PII: Kennitala of Individuals (Wide)
*
India PII
Policy for detection of Indian private information. The rules for this policy are:
*
India PII: Email Address and Password (Wide)
*
India PII: Email Address and Password (Default)
*
India PII: Form 16
*
India PII: PAN (Default)
*
India PII: PAN (Wide)
*
Indonesia PII
Policy for detection of Indonesian private information. The rules for this policy are:
*
Indonesia PII: Email Address and Password (Wide)
*
Indonesia PII: Email Address and Password (Default)
*
Indonesia PII: Single Identity Number (Wide)
*
Indonesia PII: Single Identity Number (Default)
*
Ireland PII
Policy for detection of Irish private information. The rules for this policy are:
*
Ireland PII: Driver Number and Name
*
Ireland PII: Email Address and Password (Wide)
*
Ireland PII: Email Address and Password (Default)
*
Ireland PII: Passport Number and Name
*
Ireland PII: Personal Public Service Number (PRSI/PPS) and Name
*
Israel PII
Policy for detection of Israeli private information. The rules for this policy are:
*
Israel PII: Email Address and Password (Wide)
*
Israel PII: Email Address and Password (Default)
*
Israel PII: Identity Number - 8- or 7-Digits (Wide)
*
Israel PII: Identity Number - 8- or 7-Digits (Default)
*
Israel PII: Identity Number (Wide)
*
Israel PII: Identity Number (Default)
*
Israel PII: Name and Identity Number
*
Italy PII
Policy for detection of Italian private information. The rules for this policy are:
*
Italy PII: Codice Fiscale
*
Italy PII: Name and Address
*
Italy PII: Name and Codice Fiscale
*
Italy PII: Name and health information
*
Italy PII: Codice Fiscale and health information
*
Japan PII
Policy for detection of Japanese private information. The rules for this policy are:
*
Japan PII: Corporate Number (Wide)
*
Japan PII: Corporate Number (Default)
*
Japan PII: Corporate Number (Narrow)
*
Japan PII: E-mail Address
*
Japan PII: Email Address and Password (Wide)
*
Japan PII: Email Address and Password (Default)
*
Japan PII: Individual Number (Wide)
*
Japan PII: Individual Number (Default)
*
Japan PII: Individual Number (Narrow)
*
Japan PII: Surname and Account
*
Japan PII: Surname and Driver License Number
*
Japan PII: Surname and Pension Number
*
Japan PII: Surname and Ledger Number
*
Japan PII: Telephone Numbers
*
Kazakhstan PII
Policy for detection of Kazakh private information. The rules for this policy are:
*
Kazakhstan PII: Taxpayer Registration Numbers (Wide)
*
Kazakhstan PII: Taxpayer Registration Numbers (Default)
*
Kazakhstan PII: Individual Identification Numbers (Wide)
*
Kazakhstan PII: Individual Identification Numbers (Default)
*
Kazakhstan PII: Business Identification Numbers (Wide)
*
Kazakhstan PII: Business Identification Numbers (Default)
*
Latvia PII
Policy for detection of Latvian private information. The rules for this policy are:
*
Latvia PII: Personal Identity Number (Wide)
*
Latvia PII: Personal Identity Number (Default)
*
Lithuania PII
Policy for detection of Lithuanian private information. The rules for this policy are:
*
Lithuania PII: Personal Code (Wide)
*
Lithuania PII: Personal Code (Default)
*
Luxembourg PII
Policy for detection of Luxembourgian private information. The rules for this policy are:
*
Luxembourg PII: National Identification Number - 11 Digits (Wide)
*
Luxembourg PII: National Identification Number - 11 Digits (Default)
*
Luxembourg PII: National Identification Number - 13 Digits (Wide)
*
Luxembourg PII: National Identification Number - 13 Digits (Default)
*
Macau PII
Policy for detection of Macau private information.The rules for this policy are:
*
Macau PII: Email Address and Password (Wide)
*
Macau PII: Email Address and Password (Default)
*
Macau PII: ID (formal form) (v7.8.1 only)
*
Macau PII: ID Number (Default)
*
Macau PII: ID Number (Narrow)
*
Macedonia PII
Policy for detection of Unique Master Citizen Numbers. The rules for this policy are:
*
Macedonia PII: Unique Master Citizen Number (Wide)
*
Macedonia PII: Unique Master Citizen Number (Default)
*
Malaysia PII
Policy for detection of Malaysian private information.The rules for this policy are:
*
Malaysia PII: ID formal form
*
Malaysia PII: ID formal form - Wide
*
Malaysia PII: ID w proximity - Default
*
Malaysia PII: ID w proximity
*
Malaysia PII: ID formal form with BP
*
Malaysia PII: ID formal form with BP w proximity
*
Malaysia PII: Malaysian Name and sensitive health information
*
Malta PII
Policy for detection of Maltese private information. The rules for this policy are:
*
Malta PII: Identity Card Number (Wide)
*
Malta PII: Identity Card Number (Default)
*
Mexico PII
Policy for detection of Mexican private information. The rules for this policy are:
*
Mexico PII: Email Address and Password (Wide)
*
Mexico PII: Email Address and Password (Default)
*
Mexico PII: Passport Number (Wide)
*
Mexico PII: Passport Number (Default)
*
Mexico PII: RFC (Default)
*
Mexico PII: RFC (wide)
*
Mexico PII: CURP (Default)
*
Mexico PII: CURP (Narrow)
*
Mexico PII: CPISP (Default)
*
Mexico PII: CPISP (Narrow)
*
Mexico PII: CPISP (Wide)
*
Mexico PII: Social Security Number (NSS) (Wide)
*
Mexico PII: Social Security Number (NSS) (Default)
*
Mexico PII: SSP Contratos Internos Detection (Default)
*
Mexico PII: SSP Contratos Internos Detection (Wide)
*
Montenegro PII
Policy for detection of Unique Master Citizen Numbers. The rules for this policy are:
*
Montenegro PII: Unique Master Citizen Number (Wide)
*
Montenegro PII: Unique Master Citizen Number (Default)
*
Netherlands PII
Policy for detection of Dutch private information. The rules for this policy are:
*
Netherlands PII: Bank Account Number (Wide)
*
Netherlands PII: Bank Account Number (Default)
*
Netherlands PII: Citizen Service Number and CCN
*
Netherlands PII: Citizen Service Number and Crime
*
Netherlands PII: Citizen Service Number and Disease
*
Netherlands PII: Citizen Service Number and Ethnicity
*
Netherlands PII: Citizen Service Number and Password (Wide)
*
Netherlands PII: Citizen Service Number and Password (Default)
*
Netherlands PII: Citizen Service Number and Password (Narrow)
*
Netherlands PII: Driver License Number
*
Netherlands PII: Email Address and Password (Wide)
*
Netherlands PII: Email Address and Password (Default)
*
Netherlands PII: Passport Number
*
New Zealand PII
Policy for detection of New Zealand private information. The rules for this policy are:
*
New Zealand PII: Email Address and Password (Wide)
*
New Zealand PII: Email Address and Password (Default)
*
New Zealand: NHI Number (Wide)
*
New Zealand: NHI Number (Default)
*
Norway PII
Policy for detection of Norwegian private information. The rules for this policy are
*
Norway PII: Email Address and Password (Wide)
*
Norway PII: Email Address and Password (Default)
*
Norway PII: Personal Number (Wide)
*
Norway PII: Personal Number (Default)
*
Norway PII: Personal Number (Narrow)
*
Norway PII: Name and Personal Number
*
Norway PII: Name and Sensitive Disease
*
People's Republic of China PII
Policy for detection of People's Republic of China private information. The rules for this policy are:
*
People's Republic of China PII: CV and Resume in Chinese
*
People's Republic of China PII: Email Address and Password (Wide)
*
People's Republic of China PII: Email Address and Password (Default)
*
People's Republic of China PII: Identification Number
*
People's Republic of China PII: Passport Number (Default)
*
People's Republic of China PII: Passport Number (Narrow)
*
Peru PII
Policy for detection of Peruvian private information. The rules for this policy are:
*
Peru PII: Email Address and Password (Wide)
*
Peru PII: Email Address and Password (Default)
*
Peru PII: Unique Identification Code (CUI) (Wide)
*
Peru PII: Unique Identification Code (CUI) (Default)
*
Peru PII: Unique Identification Code (CUI) (Narrow)
*
Peru PII: Unique Taxpayer Registration Number (RUC) of Individuals (Wide)
*
Peru PII: Unique Taxpayer Registration Number (RUC) of Individuals (Default)
*
Peru PII: Unique Taxpayer Registration Number (RUC) of Non-Individuals (Wide)
*
Peru PII: Unique Taxpayer Registration Number (RUC) of Non-Individuals (Default)
*
Philippines PII
Policy for detection of Philippine private information. The rules for this policy are:
*
Philippines PII: DNA Profile
*
Philippines PII: Name and Address (Wide)
*
Philippines PII: Name and Address (Default)
*
Philippines PII: Name and Address (Narrow)
*
Philippines PII: Name and CCN (Wide)
*
Philippines PII: Name and CCN (Default)
*
Philippines PII: Name and CCN (Narrow)
*
Philippines PII: Name and Common Medical Condition (Wide)
*
Philippines PII: Name and Common Medical Condition (Default)
*
Philippines PII: Name and Crime (Wide)
*
Philippines PII: Name and Crime (Default)
*
Philippines PII: Name and Date of Birth (Wide)
*
Philippines PII: Name and Date of Birth (Default)
*
Philippines PII: Name and Password (Wide)
*
Philippines PII: Name and Password (Default)
*
Philippines PII: Name and Password (Narrow)
*
Philippines PII: Name and PhilHealth Identification Number (Wide)
*
Philippines PII: Name and PhilHealth Identification Number (Default)
*
Philippines PII: Name and Physical Information (Wide)
*
Philippines PII: Name and Physical Information (Default)
*
Philippines PII: Name and Sensitive Disease or Drug (Wide)
*
Philippines PII: Name and Sensitive Disease or Drug (Default)
*
Philippines PII: Name and SSS Number (Wide)
*
Philippines PII: Name and SSS Number (Default)
*
Philippines PII: Name and TIN (Wide)
*
Philippines PII: Name and TIN (Default)
*
Philippines PII: Password Dissemination for HTTP Traffic (Wide)
*
Philippines PII: Password Dissemination for HTTP Traffic (Default)
*
Philippines PII: Password Dissemination for HTTP Traffic (Narrow)
*
Philippines PII: PhilHealth Identification Number (Wide)
*
Philippines PII: PhilHealth Identification Number (Default)
*
Philippines PII: SSS Number (Wide)
*
Philippines PII: SSS Number (Default)
*
Philippines PII: TIN Number (Wide)
*
Philippines PII: TIN Number (Default)
*
Poland PII
Policy for detection of Polish private information. The rules for this policy are:
*
Poland PII: NIP Number (Wide)
*
Poland PII: NIP Number (Default)
*
Poland PII: NIP Number and Name
*
Poland PII: PESEL Number (Wide)
*
Poland PII: PESEL Number (Default)
*
Poland PII: PESEL and Name
*
Poland PII: Polish ID Number (Wide)
*
Poland PII: Polish ID Number (Default)
*
Poland PII: Polish ID and Name
*
Poland PII: REGON Number (Wide)
*
Poland PII: REGON Number (Default)
*
Poland PII: REGON and Name
*
Portugal PII
Policy for detection of Portuguese private information. The rules for this policy are:
*
Portugal PII: Document Number (Wide)
*
Portugal PII: Document Number (Default)
*
Portugal PII: Email Address and Password (Wide)
*
Portugal PII: Email Address and Password (Default)
*
Portugal PII: Social Security Number (Wide)
*
Portugal PII: Social Security Number (Default)
*
Portugal PII: Tax Identification Number of Individuals (Wide)
*
Portugal PII: Tax Identification Number of Individuals (Default)
*
Romania PII
Policy for detection of Romanian private information. The rule for this policy is:
*
Romania PII: Personal numeric code
*
Russia PII
Policy for detection of Russian private information. The rules for this policy are:
*
Russia PII: Email Address and Password (Wide)
*
Russia PII: Email Address and Password (Default)
*
Russia PII: Moscow Social Card Number (Wide)
*
Russia PII: Moscow Social Card Number (Default)
*
Russia PII: Moscow Social Card Number and Serial Number
*
Russia PII: Passport Number and Name (Wide)
*
Russia PII: Passport Number and Name (Default)
*
Russia PII: Passport Number and Name (Narrow)
*
Russia PII: Passport Number
*
Russia PII: Personal Pension Account Number (Wide)
*
Russia PII: Personal Pension Account Number (Default)
*
Russia PII: Phone Number (Wide)
*
Russia PII: Phone Number (Default)
*
Russia PII: Phone Number (Narrow)
*
Russia PII: Primary State Registration Numbers of Companies (Wide)
*
Russia PII: Primary State Registration Numbers of Companies (Default)
*
Russia PII: Primary State Registration Numbers of Individuals (Wide)
*
Russia PII: Primary State Registration Numbers of Individuals (Default)
*
Russia PII: Russian Classification on Objects of Administrative (Wide)
*
Russia PII: Russian Classification on Objects of Administrative Division (Default)
*
Russia PII: Russian Unified Classifier of Enterprises and Organizations
*
Russia PII: Taxpayer Identification Number of Companies (Wide)
*
Russia PII: Taxpayer Identification Number of Companies (Default)
*
Russia PII: Taxpayer Identification Number of Individuals (Wide)
*
Russia PII: Taxpayer Identification Number of Individuals (Default)
*
Serbia PII
Policy for detection of Unique Master Citizen Numbers. The rules for this policy are:
*
Serbia PII: Unique Master Citizen Number (Wide)
*
Serbia PII: Unique Master Citizen Number (Default)
*
Singapore PII
Policy for detection of Singaporean private information. The rules for this policy are:
*
Singapore PII: Email Address and Password (Wide)
*
Singapore PII: Email Address and Password (Default)
*
Singapore PII: Identification Number (Wide)
*
Singapore PII: Identification Number (Default)
*
Singapore PII: Identification Number and CCN
*
Singapore PII: Name and Address (Default)
*
Singapore PII: Name and Address (Narrow)
*
Slovakia PII
Policy for detection of Slovak private information. The rule for this policy is:
*
Slovakia PII: Email Address and Password (Wide)
*
Slovakia PII: Email Address and Password (Default)
*
Slovakia PII: Rodne Cislo (wide)
*
Slovakia PII: Rodne Cislo (default)
*
Slovenia PII
Policy for detection of Unique Master Citizen Numbers. The rules for this policy are:
*
Slovenia PII: Unique Master Citizen Number (Wide)
*
Slovenia PII: Unique Master Citizen Number (Default)
*
Social Insurance Numbers
Detects valid Canadian Social Insurance Numbers (SIN). The rules for this policy are:
*
SIN: wide
*
SIN: default
*
SIN: narrow
*
Social Security Numbers
Policy for detection of validated social security numbers. The rules for this policy are:
*
US SSN (wide)
*
US SSN (default)
*
US SSN (narrow)
*
US SSN (audit)
*
US SSN: Wide Minus Default
*
US SSN - not masked (v7.8.1 and 7.8.2 only)
*
SSN: ITIN
*
South Africa PII
Policy for detection of South African private information. The rules for this policy are:
*
South Africa PII: Email Address and Password (Wide)
*
South Africa PII: Email Address and Password (Default)
*
South Africa PII: ID Number (wide)
*
South Africa PII: ID Number (default)
*
South Africa PII:SA ID (narrow)
*
South Africa PII: Name and Sensitive Health Information
*
South Korea PII
Policy for detection of South Korean private information. The rules for this policy are:
*
South Korea PII: DNA Profile
*
South Korea PII: Email Address and Password (Wide)
*
South Korea PII: Email Address and Password (Default)
*
South Korea PII: ID Number (Default)
*
South Korea PII: ID Number (Wide)
*
South Korea PII: ID Number (With Proximity)
*
South Korea PII: Phone Number (Default)
*
South Korea PII: Phone Number (Wide)
*
South Korea PII: Phone Number (With Proximity)
*
Spain PII
Policy for detection of Spanish private information. The rules for this policy are:
*
Spain PII: DNI, Account and Password
*
Spain PII: DNI and Credit Card Number
*
Spain PII: DNI and Crime
*
Spain PII: DNI and Disease
*
Spain PII: DNI and Ethnicity
*
Spain PII: Email Address and Password (Wide)
*
Spain PII: Email Address and Password (Default)
*
Spain PII: Foreigner's Identification Number (NIE) (Default)
*
Spain PII: Foreigner's Identification Number (NIE) (Wide)
*
Spain PII: Name and Address (Default)
*
Spain PII: Name and Address (Narrow)
*
Spain PII: Name and Credit Card Number
*
Spain PII: Name and DNI
*
Spain PII: Name and Email Address
*
Spain PII: Name and IBAN
*
Spain PII: Name and Passport Number
*
Spain PII: Name and Phone Number
*
Spain PII: Name and Social Security Number (Wide)
*
Spain PII: Name and Social Security Number (Default)
*
Spain PII: Name and Tax Identification Number (NIF) (Default)
*
Spain PII: Name and Tax Identification Number (NIF) (Wide)
*
Spain PII: Social Security Number (Wide)
*
Spain PII: Social Security Number (Default)
*
Spain PII: Tax Identification Code (CIF) (Default)
*
Spain PII: Tax Identification Code (CIF) (Wide)
*
Spain PII: Tax Identification Number (NIF) (Default)
*
Spain PII: Tax Identification Number (NIF) (Wide)
*
Sweden PII
Policy for detection of Swedish private information. The rules for this policy are:
*
Sweden PII: Email Address and Password (Wide)
*
Sweden PII: Email Address and Password (Default)
*
Sweden PII: ID Number (Wide)
*
Sweden PII: ID Number (Default)
*
Switzerland
Policy for detection of Swiss private information. The rules for this policy are:
*
Switzerland PII: Email Address and Password (Wide)
*
Switzerland PII: Email Address and Password (Default)
*
Switzerland PII: Old Format AHV
*
Switzerland PII: New Format AHV
*
Taiwan PII
Policy for detection of Taiwanese private information. The rules for this policy are:
*
Taiwan PII: Address (Wide)
*
Taiwan PII: Address (Default)
*
Taiwan PII: Address (Narrow)
*
Taiwan PII: Email Address and Password (Wide)
*
Taiwan PII: Email Address and Password (Default)
*
Taiwan PII: ID Card Number (Wide)
*
Taiwan PII: ID Card Number (Default)
*
Taiwan PII: ID Card Number and Surname (Wide)
*
Taiwan PII: ID Card Number and Surname (Default)
*
Taiwan PII: ID Card Number, Surname and Private Information (Wide)
*
Taiwan PII: ID Card Number, Surname and Private Information (Default)
*
Taiwan PII: Surname and Address
*
Taiwan PII: Machine Readable Passport Number (Wide)
*
Taiwan PII: Machine Readable Passport Number (Default)
*
Taiwan PII: Passport Number (Wide)
*
Taiwan PII: Passport Number (Default)
*
Thailand PII
Policy for detection of Thai private information. The rules for this policy are:
*
Thailand PII: Email Address and Password (Wide)
*
Thailand PII: Email Address and Password (Default)
*
Thailand: National ID Number (Wide)
*
Thailand: National ID Number (Default)
*
Turkey PII
Policy for detection of Turkish private information.The rules for this policy are:
*
Turkey PII: Email Address and Password (Wide)
*
Turkey PII: Email Address and Password (Default)
*
Turkey PII: TC Kimlik
*
Turkey PII: TC Kimlik one support
*
Turkey PII: Passport Number (Wide)
*
Turkey PII: Passport Number (Default)
*
Turkey PII: Phone Number (Wide)
*
Turkey PII: Phone Number (Default)
*
UK PII
Policy for detection of UK private information. The rules for this policy are:
*
UK PII: Bank Account Number and Name
*
UK PII: Credit File (Wide)
*
UK PII: Credit File (Default)
*
UK PII: Credit File (Narrow)
*
UK PII: Driver Number and Name (Wide)
*
UK PII: Driver Number and Name (Default)
*
UK PII: Email Address and Password (Wide)
*
UK PII: Email Address and Password (Default)
*
UK PII: National Insurance Number and Name
*
UK PII: NHS Number (Default)
*
UK PII: NHS Number (Narrow)
*
UK PII: NHS Number (Wide)
*
UK PII: Passport Number and Name
*
UK PII: Postal Code and Name (Default)
*
UK PII: Postal Code and Name (Narrow)
*
UK PII: Sort Code and Name
*
UK PII: Tax ID Number and Name
*
US PII
Policy for detection of US private information. The rules for this policy are:
*
US PII: Credit File (Wide)
*
US PII: Credit File (Default)
*
US PII: Credit File (Narrow)
*
US PII: DNA Profile (Default)
*
US PII: DNA Profile (Narrow)
*
US PII: Email Address and Password (Wide)
*
US PII: Email Address and Password (Default)
*
US PII: Name and Address
*
US PII: Name and Crime
*
US PII: Name and Arizona Driver License Number
*
US PII: Name and Arkansas Driver License Number
*
US PII: Name and California Driver License Number
*
US PII: Name and Colorado Driver License Number
*
US PII: Name and Connecticut Driver License Number
*
US PII: Name and District of Columbia Driver License Number
*
US PII: Name and Florida Driver License Number
*
US PII: Name and Georgia Driver License Number
*
US PII: Name and Illinois Driver License Number
*
US PII: Name and Indiana Driver License Number
*
US PII: Name and Iowa Driver License Number
*
US PII: Name and Massachusetts Driver License Number
*
US PII: Name and Michigan Driver License Number
*
US PII: Name and Minnesota Driver License Number
*
US PII: Name and Nevada Driver License Number
*
US PII: Name and New Jersey Driver License Number
*
US PII: Name and New York Driver License Number
*
US PII: Name and North Carolina Driver License Number
*
US PII: Name and Ohio Driver License Number
*
US PII: Name and Pennsylvania Driver License Number
*
US PII: Name and Texas Driver License Number
*
US PII: Name and Utah Driver License Number
*
US PII: Name and Virginia Driver License Number
*
US PII: Name and Washington Driver License Number
*
US PII: Name and Wisconsin Driver License Number
*
US PII: Name and Illinois State ID Number
*
US PII: Name and Ethnicity
*
US PII: Name and Passport Number (Wide)
*
US PII: Name and Passport Number (Default)
*
US PII: Name and Passport Number (Narrow)
*
US PII: Passport Number (Wide)
*
US PII: Passport Number (Default)
*
US PII: Social Security Number
*
US PII: Social Security Number and Name
*
Vietnam PII
Policy for detection of Vietnamese private information. The rules for this policy are:
*
Vietnam PII: CMND Number (Wide)
*
Vietnam PII: CMND Number (Default)
*
Vietnam PII: Email Address and Password (Wide)
*
Vietnam PII: Email Address and Password (Default)
Regulations, Compliance and Standards
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
Forcepoint DLP includes the following types of regulatory and compliance policies:
*
EU General Data Protection Regulation (GDPR)
*
Financial Regulations
*
Payment Card Industry (PCI)
*
National Privacy Regulations
*
US and Canada Federal Regulations
EU General Data Protection Regulation (GDPR)
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The description and list of rules for each policy in this category can be found in other sections of this document.
*
Austria Finance
*
Austria PII
*
Belgium Finance
*
Belgium PII
*
Biometric Files
*
Bulgaria Finance
*
Bulgaria PII
*
Croatia Finance
*
Croatia PII
*
CV and Resume in English
*
CV and Resume in French
*
CV and Resume in German
*
CV and Resume in Spanish
*
Cyprus Finance
*
Cyprus PII
*
Czech Republic Finance
*
Czech Republic PII
*
Denmark Finance
*
Denmark PII
*
Estonia Finance
*
Estonia PII
*
EU finance
*
Finland Finance
*
Finland PII
*
France Finance
*
France PII
*
Germany Finance
*
Germany PII
*
Greece Finance
*
Greece PII
*
Hungary Finance
*
Hungary PII
*
IMEI
*
Ireland Finance
*
Ireland PII
*
Italy Finance
*
Italy PHI
*
Italy PII
*
Latvia Finance
*
Latvia PII
*
Lithuania Finance
*
Lithuania PII
*
Luxembourg Finance
*
Luxembourg PII
*
Malta Finance
*
Malta PII
*
Netherlands Finance
*
Netherlands PII
*
Password Dissemination
*
PCI
*
Poland Finance
*
Poland PII
*
Portugal Finance
*
Portugal PII
*
Romania Finance
*
Romania PII
*
Slovakia Finance
*
Slovakia PII
*
Slovenia Finance
*
Slovenia PII
*
Spain Finance
*
Spain PII
*
Sweden Finance
*
Sweden PHI
*
Sweden PII
*
UK Finance
*
UK PHI
*
UK PII
Financial Regulations
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
EU Finance
Policy for promoting regulatory compliance with the requirements of the Basel Committee on Banking Supervision. The policy contains rules to detect financial data like account numbers, passwords, or magnetic credit card tracks. Additional rules detect combinations of Personally Identifiable Information (PII) like credit cards and identification numbers. The rules for this policy are:
*
EU Finance: 5-8 Digit Account Number
*
EU Finance: 9 Digit Account Number
*
EU Finance: 10 Digit Account Number
*
EU Finance: CCN and National ID Number
*
EU Finance: CCN and PIN
*
EU Finance: Credit Card Magnetic Strip
*
EU Finance: Password Dissemination for HTTP Traffic (Wide)
*
EU Finance: Password Dissemination for HTTP Traffic (Default)
*
EU Finance: Password Dissemination for HTTP Traffic (Narrow)
*
EU Finance: Password Dissemination for non-HTTP/S Traffic (Wide)
*
EU Finance: Password Dissemination for non-HTTP/S Traffic (Default)
*
EU Finance: Password Dissemination for non-HTTP/S Traffic (Narrow)
FCRA
The Fair Credit Reporting Act (FCRA) is a United States federal law. The Act is designed to help ensure that consumer reporting agencies act fairly, impartially, and with respect for the consumer's right to privacy when preparing consumer reports on individuals. The policy comprises rules for detection of personal financial information. The rules for this policy are:
*
FCRA: CCN: All Credit Cards
*
FCRA: Credit Card Magnetic Strips
*
FCRA: DL and Account
*
FCRA: DL and Personal Finance Terms
*
FCRA: Name and Personal Finance Terms
*
FCRA: SSN and Account
*
FCRA: SSN and Personal Finance Terms
FFIEC
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the Federal examination of financial institutions. The policy contains rules to detect financial data like account numbers, passwords, or magnetic credit card tracks. Additional rules detect combinations of Personally Identifiable Information (PII) like credit cards, social security numbers, driver license numbers, and private financial information. The rules for this policy are:
*
FFIEC: 5-8 Digit Account Number
*
FFIEC: 9 Digit Account Number
*
FFIEC: 10 Digit Account Number
*
FFIEC: Credit Card Magnetic Strip
*
FFIEC: Credit Card Number
*
FFIEC: Driver License
*
FFIEC: Password Dissemination for HTTP Traffic (Wide)
*
FFIEC: Password Dissemination for HTTP Traffic (Default)
*
FFIEC: Password Dissemination for HTTP Traffic (Narrow)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Wide)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Default)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
FFIEC: PIN
*
FFIEC: Social Security Number
*
FFIEC: TIFF File
*
FFIEC: Zip Code and Financial Term
FSA SYSC 13.7.7
The Financial Services Authority (FSA) publishes a set of rules in the Financial Services Handbook. The Senior Management Arrangements, Systems and Controls (SYSC) is one of the subsections of this handbook. Chapter 13.7.7 requires firm to establish and maintain appropriate systems and controls to manage its information security risks regarding the confidentiality, integrity, availability, and accountability of its information. This policy detects confidential and financial documents. The rules for this policy are:
*
FSA SYSC 13.7.7: Confidential Documents
*
FSA SYSC 13.7.7: Tables with financial information
*
FSA SYSC 13.7.7: Network Information and Security
*
FSA SYSC 13.7.7: Proprietary in Document
GLBA
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, is a US Federal regulation that includes provisions to protect consumers' personal financial information held by financial institutions. The policy contains rules to detect accounts, credit cards, and social security numbers. The policy comprises rules for detection of personal financial information and other personal information. The rules for this policy are:
*
GLBA: CCN (Default)
*
GLBA: CCN (Narrow)
*
GLBA: Name and SSN
*
GLBA: SSN and Personal Finance Terms
*
GLBA: SSN and Account
*
GLBA: RTN/ABA (wide)
*
GLBA: RTN/ABA (narrow)
*
GLBA: RTN/ABA (default)
*
GLBA: Name and 10 digit account numbers
*
GLBA: Name and 9 digit account numbers
*
GLBA: Name and 5-8 digit account numbers
*
GLBA: Name and Personal Finance Terms
*
GLBA: Name and Sensitive Disease or drug
*
GLBA: Names (Narrow) and Sensitive Disease or drug
*
GLBA: Name and Contact Info
Model Audit Rule (MAR)
The National Association of Insurance Commissioners (NAIC) Model Audit Rule (MAR) requires the assessment of internal controls over financial reporting. The policy comprises rules for detection of documents containing financial reports and, in particular, of actuary reports. The rules for this policy are:
*
MAR: Actuary Report
*
MAR: Financial Investment Information in Excel
*
MAR: Form 10-K (Non-Standard Fiscal Year)
*
MAR: Form 10-K (Standard Fiscal Year)
*
MAR: Form 10-Q (Non-Standard Fiscal Year)
*
MAR: Form 10-Q (Standard Fiscal Year)
*
MAR: SOX-Related Term
NBT 357
The Israeli NBT directive requires Israeli Banks and agencies to protect customers privacy by ensuring the integrity and confidentiality of data. The policy detects credit card information, account numbers, International Bank accounts number (Israeli IBAN) and buy and sell instructions in Hebrew. The rules for this policy are:
*
NBT 357: All Credit Cards (Default)
*
NBT 357: All Credit Cards (Wide)
*
NBT 357: IsraCard (Default)
*
NBT 357: IsraCard (Wide)
*
NBT 357: Account Number
*
NBT 357: Buy and Sell instructions
*
NBT 357: Israeli IBAN (default)
*
NBT 357: Israeli IBAN (wide)
NYSE rule 472
Regulates communications with investors and mandates approval of communications and research reports before being released as well as the retention and archiving of such communications. The rule for this policy is:
*
NYSE rule 472
SEC
Policy for detection of SEC forms 10-K and 10-Q, based on calendar fiscal year.
The rule s for this policy are:
*
SEC: Form 10-K (Non-Standard Fiscal Year)
*
SEC: Form 10-K (Standard Fiscal Year)
*
SEC: Form 10-Q (Non-Standard Fiscal Year)
*
SEC: Form 10-Q (Standard Fiscal Year)
Payment Card Industry (PCI)
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
PCI
Policy for promoting compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an industry standard, accepted internationally by all major credit card issuers and is enforced on companies and organizations that accept credit card payments or process, store, or transmit cardholder data. The standard includes the mandate that credit card numbers and cardholder data be highly secured and that transactions comprising PCI data be encrypted. Forensics are not saved for the rules that are enabled by default. The rules for this policy are:
*
PCI: Credit-Card Numbers (wide)
*
PCI: Credit-Card Numbers (default)
*
PCI: Credit-Card Numbers (narrow)
*
PCI: Credit Card Magnetic Strips
PCI Audit
A permissive policy for detecting potential credit-card-numbers. The policy contains several rules to address corner cases, such as numbers that appear as part of a long sequence, with user-defined delimiters etc. Most of the rules in the policy may cause high rate of false positives and are not recommended for usage in production mode. The rules for this policy are:
*
PCI Audit: No Word Boundaries
*
PCI Audit: Non-Delimited
*
PCI Audit: User-Defined Delimiter
*
PCI Audit: CCN and Expiration Date
*
PCI Audit: CCN and CVV
*
PCI Audit: CCN Without Validation
*
PCI Audit: Credit Card Number (Extra Wide)
*
PCI Audit: Credit Card Number (Default)
*
PCI Audit: Credit Card Magnetic Strip
*
PCI Audit: Masked Credit Card Number
*
PCI Audit: CCN in Non-English Characters
*
PCI Audit: User-Defined IIN (Wide)
*
PCI Audit: User-Defined IIN (Default)
*
PCI Audit: User-Defined IIN (Narrow)
National Privacy Regulations
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
Forcepoint DLP includes regulatory policies for numerous countries.
*
Australia
*
Canada
*
European Union
*
Hong Kong
*
Iceland
*
India
*
Israel
*
Japan
*
Malaysia
*
New Zealand
*
Norway
*
Philippines
*
Russia
*
Singapore
*
South Africa
*
Switzerland
*
Taiwan
*
Thailand
*
Turkey
*
United States of America - State Privacy Regulations
Australia
Policies for promoting compliance with Australian Privacy regulations.
*
Australian Privacy Act (2012 Revision)
The Australian Federal Privacy Act mandates protection of private information and limits its storage, usage, and distribution. The policy detects private information of Australians. Each one of this policy's rules relates to different private information. Enable the rules you want to enforce. The rules for this policy are:
*
Australian Privacy Act: Medicare and Sensitive Disease or Drug
*
Australian Privacy Act: Medicare and Common Medical Condition
*
Australian Privacy Act: Name and Driver License Number
*
Australian Privacy Act: Name and Tax File Number (Wide)
*
Australian Privacy Act: Name and Tax File Number (Default)
*
Australian Privacy Act: Name and Address
*
Australian Privacy Act: Address and Tax File Number (Wide)
*
Australian Privacy Act: Address and Tax File Number (Default)
*
Australian Privacy Act: ABN and Address (Default)
*
Australian Privacy Act: ABN and Address (Wide)
*
Australian Privacy Act: Name and Bank Account Number
*
Australian Privacy Act: DNA profile
*
Australian Privacy Act: Name and Racial or Ethnic Origins
*
Australian Privacy Act: Name and Crime
*
Australian Privacy Act: Name and Sexual Preference
*
Australian Privacy Act: Credit File (Wide)
*
Australian Privacy Act: Credit File (Default)
*
Australian Privacy Act: Credit File (Narrow)
*
Australian Privacy Act: Name and ABN (Default)
*
Australian Privacy Act: Name and ABN (Wide)
*
Australian Privacy Act: Australian Name and Sensitive Disease or Drug
*
Australian Privacy Act: Australian Name and Common Medical Condition
Canada
Policies for promoting compliance with Canadian Privacy regulations.
*
PIPEDA
The Personal Information Protection and Electronic Documents Act is a Canadian law governing how private sector organizations collect, use and disclose personal information in the course of commercial business. The policy detects Canadian Personally Identifiable Information (PII) like social insurance numbers or credit cards, either alone or in combination with sensitive private information like health conditions.
*
PIPEDA: CCN and Common Medical Condition
*
PIPEDA: CCN and Sensitive Disease or Drug
*
PIPEDA: DOB and Address or SIN or Name
*
PIPEDA: Name and Driver License Number
*
PIPEDA: Name and Government Issues ID Card Number w proximity
*
PIPEDA: Name and Indian Status Number w proximity
*
PIPEDA: Name and Permanent Resident Card Number w proximity
*
PIPEDA: Name and Physical Information
*
PIPEDA: Name and Sensitive Disease
*
PIPEDA: SIN
*
PIPEDA: SIN and Address or DOB or Name
*
PIPEDA: SIN and CCN
*
PIPEDA: SIN and Common Medical Condition
*
PIPEDA: SIN and Sensitive Disease or drug
European Union
Policies for promoting compliance with European Union Privacy regulations.
*
Denmark
*
Denmark Personal Information Protection Law
The Denmark Personal Information Protection Law (PIP) regulates the handling of personal information. The policy comprises rules for detection of CPR numbers and Danish bank account numbers. The rules for this policy are:
*
DPIP: CPR and Name - Wide
*
DPIP: CPR and Name - Default
*
DPIP: CPR and Name - Narrow
*
DPIP: CPR numbers (Wide)
*
DPIP: CPR numbers (narrow)
*
DPIP: CPR numbers (default)
*
DPIP: Credit Cards
*
DPIP: Bank Account number - Wide
*
DPIP: Bank Account number with terms
*
DPIP: Bank Account number with strict format - Narrow
*
Finland
*
Personal Data Act (523/1999)
Finland's Personal Data Act provides restrictions on the processing, storage and transmission of personal and sensitive information, including personal ID. Under the Law, personal information relating to identity may only be processed, stored and transmitted with the consent of the individual. Personal information cannot generally be transferred outside of Finland unless the country has "comparable" protections. The policy comprises rules for detection of Finnish Social Security Numbers and DNA sequences. The rules for this policy are:
*
Finland Personal Data Act: Finnish SSN (Wide)
*
Finland Personal Data Act: Finnish SSN
*
Finland Personal Data Act: DNA Sequence
*
France
*
France BNR (Ordonnance 2011-1012)
A policy to promote compliance with the France Breach Notification Requirement (Ordonnance 2011-1012). According to this Ordinance, electronic communication service provider must inform, without delay, the French Data Protection Authority in case of any security breach. A data security breach is defined as any security breach that accidentally or unlawfully results in the destruction, loss, alteration, disclosure or unauthorized access to personal data that is being processed in the context of electronic communication services that are provided to the public. The rules for this policy are:
*
France BNR 2011-1012: CCN and Name
*
France BNR 2011-1012: Name and Health
*
France BNR 2011-1012: Name and Social Security Number (NIR)
*
France BNR 2011-1012: Name and INSEE
*
France BNR 2011-1012: Social Security Number (NIR) (Default)
*
France BNR 2011-1012: Social Security Number (NIR) (Wide)
*
France Data Protection Law 2004-801
Policy for the French Law 2004-801, which implements the EU Directive 95 on privacy. The policy contains rules to detect combinations of French full names and INSEE numbers with sensitive private information like credit card number or health conditions. The rules for this policy are:
*
France Privacy: CCN and Name
*
California Consumer Privacy Act
*
France Privacy: Name and Health
*
France Privacy: Name and INSEE
*
France Privacy: Name and Social Security Number (NIR)
*
France Privacy: Social Security Number (NIR) (Default)
*
France Privacy: Social Security Number (NIR) (Wide)
*
Germany
*
Germany Federal Privacy Protection Act
Policy for the German Federal Privacy Protection Act, implementing the EU Directive 95 on privacy. The policy contains rules to detect combinations of German full names with sensitive private information like credit card number, ethnicity, and health conditions. the rules for this policy are:
*
Germany FPP: CCN and Name
*
Germany FPP: Ethnicity and Name
*
Germany FPP: Health and Name
*
Germany FPP: Crime and Name
*
Greece
*
Greece - Hellenic DPA of 1997
The Hellenic Data Protection Act of 1997 regulates the processing of personal data and therefore mandates the protection of private information. The policy detects Greek AFM (Αριθμός Φορολογικού Μητρώου) and ID numbers, alone or in proximity to a Greek names in Greek or Latin letters, and combinations of Greek names in proximity to sensitive medical information in Greek and English. The rules for this policy are:
*
Greece DPA: AFM Number (Default)
*
Greece DPA: AFM Number (Wide)
*
Greece DPA: AFM Number and Name (Default)
*
Greece DPA: AFM Number and Name (Wide)
*
Greece DPA: ID and Name (Default)
*
Greece DPA: ID and Name (Wide)
*
Greece DPA: Sensitive Medical Information and Name (Default)
*
Greece DPA: Sensitive Medical Information and Name (Wide)
*
Hungary
*
Hungarian Data Protection Laws
Act LXIII of 1992 on Protection of Personal Data and Disclosure of Data Public Interest mandates, among others, that personal data shall be protected against unauthorized access, transfer and public exposure. Data may only be processed, stored and transmitted with the consent of the individual. The Act sets out sanctions for violations. The policy comprises rules for detection of Hungarian Personal Numeric Code Numbers (szemelyi azonosito szam) Social Security Numbers (TAJ szam), Tax ID Numbers (Adoazonosito jel) and DNA information. The rules for this policy are:
*
Hungarian Data Protection Laws: Hungary Szemelyi Azonosito Szam (Wide)
*
Hungarian Data Protection Laws: Hungary Szemelyi Azonosito Szam (Default)
*
Hungarian Data Protection Laws: Hungary TAJ szam (Wide)
*
Hungarian Data Protection Laws: Hungary TAJ szam (Default)
*
Hungarian Data Protection Laws: Hungary Adoazonosito jel (Wide)
*
Hungarian Data Protection Laws: Hungary Adoazonosito jel (default)
*
Hungarian Data Protection Laws: DNA Sequence
*
Ireland
*
Ireland Data Protection Acts (DPA)
Ireland Data Protection Acts (DPA) of 1988 and 2003, and in particular, the Personal Data Security Breach Code of Practice set by Ireland Data Protection Commissioner (DPC), mandate protection of personal information and requires that, in case where there is a risk of unauthorized disclosure, loss, destruction or alteration of personal data, the data controller must give immediate consideration to informing those affected. The policy contains rules to detect Irish Personally Identifiable Information (PII) like Personal Public Service Numbers (PPS/RSI) or passport numbers, alone or in combination with credit card numbers. The rules for this policy are:
*
Ireland DPA: Irish PRSI/PPS Number and CCN
*
Ireland DPA: Irish Driver Number and CCN
*
Ireland DPA: Irish Passport Number and CCN
*
Ireland DPA: Irish Personal Public Service Number
*
Ireland DPA: Irish Driver Number
*
Ireland DPA: Irish Passport Number
*
Ireland DPA: Irish IBAN (default)
*
Ireland DPA: Irish IBAN (wide)
*
Ireland DPA: Irish Bank Account
*
Ireland DPA: Name and Sensitive Diseases
*
Italy
*
Italy Health Data Privacy Act
The Italy Health Data Privacy Act protects persons from violation of their right to privacy through the processing of personal data. The Act helps to ensure that personal data is processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensures that personal data is of adequate quality. The policy contains rules to detect combinations of Italy Personally Identifiable Information (PII) like Codice Fiscale and full name, with sensitive health information. The rules for this policy are:
*
Italy HDPA: Codice Fiscale
*
Italy HDPA: Codice Fiscale and Health Information
*
Italy HDPA: DICOM
*
Italy HDPA: Name and Codice Fiscale
*
Italy HDPA: Name and Health Information
*
Italy HDPA: SPSS Text Files
*
Netherlands
*
Netherlands Personal Data Protection Act
Policy to promote compliance with the Dutch Personal Data Protection Act, which implements the EU Directive 95 on privacy. The policy contains rules to detect combinations of Netherlands sofinummer and sensitive private information like account number, driver license number, passport number, ethnicity and health conditions. The rules for this policy are:
*
Netherlands PDPA: Bank Account Number (Wide)
*
Netherlands PDPA: Bank Account Number (Default)
*
Netherlands PDPA: Citizen Service Number and CCN
*
Netherlands PDPA: Citizen Service Number and Crime
*
Netherlands PDPA: Citizen Service Number and Disease
*
Netherlands PDPA: Citizen Service Number and Ethnicity
*
Netherlands PDPA: Citizen Service Number and Password (Wide)
*
Netherlands PDPA: Citizen Service Number and Password (Default)
*
Netherlands PDPA: Citizen Service Number and Password (Narrow)
*
Netherlands PDPA: Driver License Number
*
Netherlands PDPA: Passport Number
*
Poland
*
Poland LPPD
The Law on the Protection of Personal Data (LPPD) is based on the European Union (EU) Data Protection Directive. Under the Law, personal information relating to identity may only be processed, stored and transmitted with the consent of the individual. Personal information cannot generally be transferred outside of Poland unless the country has 'comparable' protections. The law sets out civil and criminal sanctions for violations. The policy comprises rules for detection of Polish NIP numbers, PESEL numbers, Polish ID numbers, DNA information and Polish REGON numbers, alone or in proximity to a Polish name. The rules for this policy are:
*
Poland LPPD: DNA Sequence
*
Poland LPPD: NIP Number (Wide)
*
Poland LPPD: NIP Number (Default)
*
Poland LPPD: NIP Number and Name
*
Poland LPPD: PESEL Number (Wide)
*
Poland LPPD: PESEL Number (Default)
*
Poland LPPD: PESEL and Name
*
Poland LPPD: Polish ID Number (Wide)
*
Poland LPPD: Polish ID Number (Default)
*
Poland LPPD: Polish ID and Name
*
Poland LPPD: REGON Number (Wide)
*
Poland LPPD: REGON Number (Default)
*
Poland LPPD: REGON and Name
*
Spain
*
Spain Data Privacy Act
The Spanish Data Privacy Act implementing the EU Directive 95 on privacy. The policy contains rules to detect combinations of Spain National Identity Documents and sensitive private information like account numbers, ethnicity and health conditions. The rules for this policy are:
*
SPAIN DPA: DNI, Account and Password
*
SPAIN DPA: DNI and Credit Card Number
*
SPAIN DPA: DNI and Crime
*
SPAIN DPA: DNI and Disease
*
SPAIN DPA: DNI and Ethnicity
*
SPAIN DPA: SSN, Account and Password (Wide)
*
SPAIN DPA: SSN, Account and Password (Default)
*
SPAIN DPA: SSN and Credit Card Number (Wide)
*
SPAIN DPA: SSN and Credit Card Number (Default)
*
SPAIN DPA: SSN and Crime (Wide)
*
SPAIN DPA: SSN and Crime (Default)
*
SPAIN DPA: SSN and Disease (Wide)
*
SPAIN DPA: SSN and Disease (Default)
*
SPAIN DPA: SSN and Ethnicity (Wide)
*
SPAIN DPA: SSN and Ethnicity (Default)
*
Sweden
*
Sweden Personal Data Act of 1998
Sweden's Personal Data Act of 1998 was enacted to protect people against the violation of their personal integrity by processing of personal data. The act includes restrictions on the storage and transmission of personal data. The pre-defined policy comprises rules for detection of Swedish Personal Identity Number (personnummer) in traffic and DNA information. The rules for this policy are:
*
Sweden Personal Data Act: Swedish ID - wide
*
Sweden Personal Data Act: Swedish ID - default
*
Sweden Personal Data Act: DNA Sequence
*
Swedish Patient Data Act (SFS 2008:355 Patientdatalagen)
A policy to promote compliance with the Swedish Patient Data Act (Patientdatalag, SFS 2008:355) that mandates protection of protected health information (PHI) and Personally Identifiable Information (PII) of Swedish citizens and residents. The policy comprises rules for detection of health information or medical conditions (in Swedish or English), in proximity to personally identifiable information such as personnummer or name, and for detection of SPSS files and Database files. The rules for this policy are:
*
SFS 2008:355: Database File
*
SFS 2008:355: DICOM
*
SFS 2008:355: DNA Profile
*
SFS 2008:355: ICD10 Code
*
SFS 2008:355: ICD10 Code and Description
*
SFS 2008:355: ICD10 Code and Name (Wide)
*
SFS 2008:355: ICD10 Code and Name (Default)
*
SFS 2008:355: ICD10 Code and Name (Narrow)
*
SFS 2008:355: ICD10 Code and Personal Number
*
SFS 2008:355: ICD10 Description
*
SFS 2008:355: Name and Health Information
*
SFS 2008:355: Name and Personal Number
*
SFS 2008:355: Name and Sensitive Disease or Drug
*
SFS 2008:355: Personal Number
*
SFS 2008:355: Personal Number and Health Information
*
SFS 2008:355: Personal Number and Sensitive Disease or Drug
*
SFS 2008:355: SPSS Text File
*
UK
*
Information Governance Toolkit
Policy for compliance with the NHS Information Governance Toolkit (IG Toolkit). The rules for this policy are:
*
IG Toolkit: DICOM
*
IG Toolkit: DNA Profile (Default)
*
IG Toolkit: DNA Profile (Narrow)
*
IG Toolkit: DOB and Name
*
IG Toolkit: Driver Number and Name (Wide)
*
IG Toolkit: Driver Number and Name (Default)
*
IG Toolkit: ICD9 Code
*
IG Toolkit: ICD9 Code and Full Name
*
IG Toolkit: ICD9 Description and Full Name
*
IG Toolkit: ICD10 Code
*
IG Toolkit: ICD10 Code and Full Name
*
IG Toolkit: ICD10 Description and Full Name
*
IG Toolkit: Name and Common Medical Condition (Default)
*
IG Toolkit: Name and Common Medical Condition (Narrow)
*
IG Toolkit: Name and Sensitive Disease or Drug (Default)
*
IG Toolkit: Name and Sensitive Disease or Drug (Narrow)
*
IG Toolkit: National Insurance Number and Name
*
IG Toolkit: NDC Number (Default)
*
IG Toolkit: NDC Number (Narrow)
*
IG Toolkit: NHS Number (Wide)
*
IG Toolkit: NHS Number (Default)
*
IG Toolkit: NHS Number (Narrow)
*
IG Toolkit: Passport Number and Name
*
IG Toolkit: Tax ID Number and Name
*
UK DPA
The UK Data Protection Act 1998 provides provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. The policy contains rules to detect UK Personally Identifiable Information (PII) like National Insurance numbers, passport numbers, alone or in combination with credit card numbers. The rules for this policy are:
*
UK DPA: UK National Insurance Number and CCN
*
UK DPA: UK Driver Number and CCN
*
UK DPA: UK Driver Number and CCN (Wide)
*
UK DPA: UK Passport Number and CCN
*
UK DPA: UK Tax ID Number and CCN
*
UK DPA: UK National Insurance Number
*
UK DPA: UK Driver Number
*
UK DPA: UK Passport Number
*
UK DPA: UK Tax ID Number
*
UK DPA: NHS Numbers (wide)
*
UK DPA: NHS Numbers (narrow)
*
UK DPA: NHS Numbers (default)
*
EU Finance
Policy for promoting regulatory compliance with the requirements of the Basel Committee on Banking Supervision. The policy contains rules to detect financial data like account numbers, passwords, or magnetic credit card tracks. Additional rules detect combinations of Personally Identifiable Information (PII) like credit cards and identification numbers. The rules for this policy are:
*
EU Finance: CCN: with National ID
*
EU Finance: CCN and PIN number
*
EU Finance: Suspected passwords
*
EU Finance: Credit Card Magnetic Strips
*
EU Finance: Password dissemination for Web traffic
*
EU Finance: 5-8 digit Account Numbers
*
EU Finance: 10 digit Account Numbers
*
EU Finance: 9 digit Account Numbers
Hong Kong
Policies for promoting compliance with Hong Kong Privacy regulations.
*
Hong Kong Personal Data Privacy Ordinance
The Hong Kong Personal Data Privacy Ordinance (PDPO) protects the privacy interests of living individuals in relation to personal data. The Ordinance covers any data relating directly or indirectly to a living individual from which it is practicable to ascertain the identity of the individual and which are in a form in which access or processing is practicable, including, for example, Hong Kong Identity Card Number, name and address. The rules for this policy are:
*
Hong Kong PDPO: ID Number (Wide)
*
Hong Kong PDPO: ID Number (Default)
*
Hong Kong PDPO: ID Number (Narrow)
*
Hong Kong PDPO: ID Number and Address (Wide)
*
Hong Kong PDPO: ID Number and Address (Default)
*
Hong Kong PDPO: ID Number and Address (Narrow)
*
Hong Kong PDPO: ID Number or Surname (Wide)
*
Hong Kong PDPO: ID Number and Surname (Default)
*
Hong Kong PDPO: ID (formal form) and Common Surname
*
Hong Kong PDPO: ID Number, Surname and Address (Wide)
*
Hong Kong PDPO: ID Number, Surname and Address (Default)
*
Hong Kong PDPO: ID Number, Surname and Address (Narrow)
*
Hong Kong PDPO: Surname and Address (Default)
*
Hong Kong PDPO: Surname and Address (Narrow)
*
Hong Kong PDPO: Surname and Address (Wide)
Iceland
Policies for promoting compliance with Iceland Privacy regulations.
*
Iceland Privacy Act
The Iceland Act on Protection of Individuals with regard to the Processing of Personal Information (law 77/2000) follows the EU Data Protection Directive and restricts the processing, storage, and transmission of personal and sensitive information. The predefined policy comprises rules for detecting Icelandic identification numbers (Kennitala) of individuals and DNA profiles. The rules for this policy are:
*
Iceland Privacy Act: Kennitala of Individuals (Default)
*
Iceland Privacy Act: Kennitala of Individuals (Wide)
*
Iceland Privacy Act: DNA Sequence
India
*
India IT Act
Policy for detecting sensitive personal information as defined by the India Information Technology Act. The rules for this policy include:
*
India IT Act: Credit Card Number (Default)
*
India IT Act: Credit Card Number (Narrow)
*
India IT Act: Name and Aadhaar Number
*
India IT Act: Name and Common Medical Condition
*
India IT Act: Name and Password (Wide)
*
India IT Act: Name and Password (Default)
*
India IT Act: Name and Password (Narrow)
*
India IT Act: Name and Physical Information
*
India IT Act: Name and Sensitive Disease or Drug
*
India IT Act: Name and Sexual Orientation
*
India IT Act: Password Dissemination for HTTP Traffic (Wide)
*
India IT Act: Password Dissemination for HTTP Traffic (Default)
*
India IT Act: Password Dissemination for HTTP Traffic (Narrow)
*
India IT Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
India IT Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
India IT Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
Israel
Policies for promoting compliance with Israel Privacy regulations.
*
Israeli Health Care
Policy for detection of protected health information of Israeli citizens, to promote compliance with Israeli privacy rules and Israeli patients rights law of 1996.
*
Israeli Health Care: DICOM
*
Israeli Health Care: Identity Number and General Medical Information
*
Israeli Health Care: Identity Number and Sensitive Medical Information
*
Israeli Health Care: Name and General Medical Information
*
Israeli Health Care: Name and Sensitive Medical Information
*
Israeli Health Care: SPSS Text File
Japan
Policies for promoting compliance with Japan Privacy regulations.
*
Japan PIP
The Japan Personal Information Protection Law (PIP) states a set of obligations for companies handling personal data. The law protects individuals by regulating the handling of information by private sector businesses. The policy contains rules to protect Japan PII (Personally Identifiable Information), either alone or with a credit card number. The rules for this policy are:
*
JPIP: Account and Credit Card Number
*
JPIP: Credit Card Numbers
*
JPIP: Telephone Numbers
*
JPIP: Surname and Account
*
JPIP: Surname and Driver License
*
JPIP: Surname and Pension Number
*
JPIP: Surname and Ledger Number
*
JPIP: E-mail Addresses
*
JPIP: Individual Numbers (Wide)
*
JPIP: Individual Numbers (Default)
*
JPIP: Individual Numbers (Narrow)
*
JPIP: Corporate Numbers (Wide)
*
JPIP: Corporate Numbers (Default)
*
JPIP: Corporate Numbers (Narrow)
Malaysia
Policies for promoting compliance with Malaysia Privacy regulations.
*
Malaysia PDPA
The Malaysian Personal Data Protection Act of 2009 mandates, among others, that any person in Malaysia who collects or stores any personal data in respect of commercial transactions, should take practical steps to protect the personal data from any loss or unauthorized access or disclosure. Penalties for incompliance comprise fine not exceeding 250000 ringgit or imprisonment for a term not exceeding two years or to both. The policy comprises rules for detection of Malaysian personal information, such as Malaysian ID, alone or in combination with sensitive information such as sensitive health information, credit card numbers, account number, ethnicities and religion etc. Additional rules detect combinations of names with sensitive health information or passwords.
*
Malaysia PDPA: DNA Sequence
*
Malaysia PDPA: ID number
*
Malaysia PDPA: ID Number and Account Number
*
Malaysia PDPA: ID Number and Credit Card Number
*
Malaysia PDPA: ID Number and Crime
*
Malaysia PDPA: ID Number and Ethnicity or Religion
*
Malaysia PDPA: Name and Password (Wide)
*
Malaysia PDPA: Name and Password (Default)
*
Malaysia PDPA: Name and Password (Narrow)
*
Malaysia PDPA: Name and Sensitive Health Information
New Zealand
Policies for promoting compliance with New Zealand Privacy regulations.
*
New-Zealand Privacy Act
New Zealand's Privacy Act of 1993 applies to almost every person, business or organization in New Zealand. The act sets out information privacy principles, which, among others, limit transmission and storage of personal data. The pre-defined policy comprises rules for detection and monitoring of NZ National Health Index (NHI) numbers and DNA information. The rules for this policy are:
*
New Zealand Privacy Act: NHI number (wide)
*
New Zealand Privacy Act: NHI number (default)
*
New Zealand Privacy Act: DNA Sequence
Norway
Policies for promoting compliance with Norway Privacy regulations.
*
Norway Health Data Privacy Act
The Norway Health Data Privacy Act protects persons from violation of their right to privacy through the processing of personal data. The Act helps to ensure that personal data is processed in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and ensures that personal data is of adequate quality. The policy contains rules to detect combinations of Norwegian Personally Identifiable Information (PII) like personnummer and full name, with sensitive health information.
*
Norway HDPA: DICOM
*
Norway HDPA: ICD10 Code
*
Norway HDPA: ICD10 Code and Description
*
Norway HDPA: ICD10 Code and First Name
*
Norway HDPA: ICD10 Code and Full Name
*
Norway HDPA: ICD10 Code and Last Name
*
Norway HDPA: ICD10 Code and PIN Number
*
Norway HDPA: ICD10 Description
*
Norway HDPA: Name and Health Information
*
Norway HDPA: Name and Personal Number
*
Norway HDPA: Personal Number (Wide)
*
Norway HDPA: Personal Number (Default)
*
Norway HDPA: Personal Number (Narrow)
*
Norway HDPA: Personal Number and Health Information
*
Norway HDPA: SPSS Text File
Philippines
Policies for promoting compliance with Philippines Privacy regulations.
*
Philippines Data Privacy Act
The Philippines Data Privacy Act of 2012 adopts generally accepted international principles and standards for personal data protection. It states that all sensitive personal information maintained by the government shall be secured with the use of the most appropriate standard recognized by the information and communications technology industry. Sensitive personal information includes information about an individual's age, color, health, genetics, offense committed, or ID numbers. The rules for this policy are:
*
Philippines DPA: DNA Profile
*
Philippines DPA: Name and Address (Wide)
*
Philippines DPA: Name and Address (Default)
*
Philippines DPA: Name and Address (Narrow)
*
Philippines DPA: Name and CCN (Wide)
*
Philippines DPA: Name and CCN (Default)
*
Philippines DPA: Name and CCN (Narrow)
*
Philippines DPA: Name and Common Medical Condition (Wide)
*
Philippines DPA: Name and Common Medical Condition (Default)
*
Philippines DPA: Name and Crime (Wide)
*
Philippines DPA: Name and Crime (Default)
*
Philippines DPA: Name and Date of Birth (Wide)
*
Philippines DPA: Name and Date of Birth (Default)
*
Philippines DPA: Name and Password (Wide)
*
Philippines DPA: Name and Password (Default)
*
Philippines DPA: Name and Password (Narrow)
*
Philippines DPA: Name and PhilHealth Identification Number (Wide)
*
Philippines DPA: Name and PhilHealth Identification Number (Default)
*
Philippines DPA: Name and Physical Information (Wide)
*
Philippines DPA: Name and Physical Information (Default)
*
Philippines DPA: Name and Sensitive Disease or Drug (Wide)
*
Philippines DPA: Name and Sensitive Disease or Drug (Default)
*
Philippines DPA: Name and SSS Number (Wide)
*
Philippines DPA: Name and SSS Number (Default)
*
Philippines DPA: Name and TIN (Wide)
*
Philippines DPA: Name and TIN (Default)
*
Philippines DPA: Password Dissemination for HTTP Traffic (Wide)
*
Philippines DPA: Password Dissemination for HTTP Traffic (Default)
*
Philippines DPA: Password Dissemination for HTTP Traffic (Narrow)
*
Philippines DPA: PhilHealth Identification Number (Wide)
*
Philippines DPA: PhilHealth Identification Number (Default)
*
Philippines DPA: SSS Number (Wide)
*
Philippines DPA: SSS Number (Default)
*
Philippines DPA: TIN Number (Wide)
*
Philippines DPA: TIN Number (Default)
Russia
Policies for promoting compliance with Russia Privacy regulations.
*
Russian Federal Law No. 152-FZ
Federal Law No. 152-FZ regulates activities related to processing of personal data in the Russian Federation by means of automation equipment, and mandates protecting the confidentiality of personal information. The policy detects personal information that should be protected, like passport number, personal pension account number (SNILS), Taxpayer Identification Numbers (INN), personal phone numbers, etc., in proximity to Russian names. The rules for this policy are:
*
Russia Federal Act 152-FZ: Personal Pension Account Number (SNILS) and Name
*
Russia Federal Act 152-FZ: Moscow Social Card Number and Name
*
Russia Federal Act 152-FZ: Passport Number and Name
*
Russia Federal Act 152-FZ: Phone Number and Name
*
Russia Federal Act 152-FZ: Primary State Registration Number (OGRNIP) and Name
*
Russia Federal Act 152-FZ: Taxpayer Identification Number of Individuals and Name
*
Russian Federation IIIP
The law of the Russian Federation on Information, Informatization, and Information Protection of 1995 covers both the government and private sectors and imposes a code of fair information practices and other restrictions on the processing of personal and sensitive information. The pre-defined policy comprises rules for detection of a Russian passport number when appearing together with Russian full names and for detection of DNA information. The rules for this policy are:
*
Russian Federation IIIP: DNA Sequence
*
Russian Federation IIIP: Passport Number
*
Russian Federation IIIP: Passport Number and Name (Wide)
*
Russian Federation IIIP: Passport Number and Name (Default)
*
Russian Federation IIIP: Passport Number and Name (Narrow)
Singapore
Policies for promoting compliance with Singapore Privacy regulations.
*
Singapore ETA
The Singapore Electronic Transaction Act (ETA) mandates applying adequate measures to assure the confidentiality of electronic records, imposing fines and incarceration for compromising confidentiality. It also outlines the liability of directors, managers, secretaries and other officers of the body corporate in case of a breach. The rules for this policy are:
*
Singapore ETA: Identification Number (Wide)
*
Singapore ETA: Identification Number (Default)
*
Singapore ETA: Identification Number and CCN
*
Singapore ETA: Name and Address (Default)
*
Singapore ETA: Name and Address (Narrow)
*
Singapore PDPA
The Singapore Personal Data Protection Act of 2012 covers all private sector organizations engaged in data activities within Singapore. It regulates the management of personal data by businesses and imposes financial penalties. The rules for this policy are:
*
Singapore PDPA: DNA Sequence
*
Singapore PDPA: Identification Number (Wide)
*
Singapore PDPA: Identification Number (Default)
*
Singapore PDPA: Name and Address (Default)
*
Singapore PDPA: Name and Address (Narrow)
*
Singapore PDPA: Name and CCN
*
Singapore PDPA: Name and Identification Number (Default)
*
Singapore PDPA: Name and Identification Number (Narrow)
*
Singapore PDPA: Name and Password (Wide)
*
Singapore PDPA: Name and Password (Default)
*
Singapore PDPA: Name and Password (Narrow)
*
Singapore PDPA: Name and Phones Number (Wide)
*
Singapore PDPA: Name and Phones Number (Default)
*
Singapore PDPA: Name and Phones Number (Narrow)
*
Singapore PDPA: Name and Sensitive Health Information
*
Singapore PDPA: Phones Number (Wide)
*
Singapore PDPA: Phones Number (Default)
*
Singapore PDPA: Phones Number (Narrow)
South Africa
Policies for promoting compliance with South Africa Privacy regulations.
*
South Africa ECT Act
The Republic of South Africa Electronic Communication and Transaction Act defines a national e-strategy for the Republic and also prevents abuse of information systems. Chapter VIII of the act deals with protection of personal information. The policy detects combinations of valid South Africa ID number with credit card numbers. The rules for this policy is:
*
South Africa ECT Act: ID Number and CCN (Wide)
*
South Africa ECT Act: ID Number and CCN (Default)
*
South Africa POPI
The "Protection of Personal Information" (POPI) bill regulates the collection, dissemination, use and retention of private information.The rules for this policy are:
*
South Africa POPI: DNA Sequence
*
South Africa POPI: ID Number (Wide)
*
South Africa POPI: ID Number (Default)
*
South Africa POPI: ID Number and CCN (Wide)
*
South Africa POPI: ID Number and CCN (Default)
*
South Africa POPI: ID Number and Crime (Wide)
*
South Africa POPI: ID Number and Crime (Default)
*
South Africa POPI: ID Number and Date of Birth (Wide)
*
South Africa POPI: ID Number and Date of Birth (Default)
*
South Africa POPI: ID Number and Ethnicity or Religion (Wide)
*
South Africa POPI: ID Number and Ethnicity or Religion (Default)
*
South Africa POPI: ID Number and Health Information (Wide)
*
South Africa POPI: ID Number and Health Information (Default)
*
South Africa POPI: Name and Password (Wide)
*
South Africa POPI: Name and Password (Default)
*
South Africa POPI: Name and Password (Narrow)
*
South Africa POPI: Name and Personal Finance Term
*
South Africa POPI: ID Number and SWIFT Code (Wide)
*
South Africa POPI: ID Number and Account Number (Default)
*
South Africa POPI: Name and Sensitive Health Information
Switzerland
Policies for promoting compliance with Switzerland Privacy regulations.
*
Swiss Confederation Federal Act of Data Protection
The Federal Act of Data Protection of 1992 regulates personal information held by government and private bodies. The Act requires that information must be legally and fairly collected and places limits on its use and disclosure to third parties. Transfers to other nations must be registered and the recipient nation must have equivalent laws. The pre-defined policy comprises rules for detection of Swiss AHV numbers and DNA information. The rules for this policy are:
*
Swiss Federal Act of Data Protection: Old format AHV
*
Swiss Federal Act of Data Protection: new format AHV
*
Swiss Federal Act of Data Protection: DNA Sequence
Taiwan
Policies for promoting compliance with Taiwan Privacy regulations.
*
Taiwan PIPA
Taiwan - Personal Information Protection Act. The rules for this policy are:
*
Taiwan PIPA: ID Card Number (Wide)
*
Taiwan PIPA: ID Card Number (Default)
*
Taiwan PIPA: ID Card Number and Surname (Wide)
*
Taiwan PIPA: ID Card Number and Surname (Default)
*
Taiwan PIPA: ID Card Number, Surname and Private Information (Wide)
*
Taiwan PIPA: ID Card Number, Surname and Private Information (Default)
*
Taiwan PIPA: Machine Readable Passport Number (Wide)
*
Taiwan PIPA: Machine Readable Passport Number (Default)
*
Taiwan PIPA: Passport Number (Wide)
*
Taiwan PIPA: Passport Number (Default)
Thailand
Policies for promoting compliance with Thailand Privacy regulations.
*
Thailand Official Information Act
The Thailand Official Information Act, B.E. 2540 of 1997 sets a code of information practices for the processing of personal information by state agencies. The act mandates, among other things, not to disclose personal information to other state agencies or other persons without prior consent given in writing, except in limited circumstances. The pre-defined policy comprises rules for detecting validated Thai National ID Numbers and DNA sequences. The rules for this policy are:
*
Thailand Official Information Act: National ID (wide)
*
Thailand Official Information Act: National ID (default)
*
Thailand Official Information Act: DNA Sequence
Turkey
*
Turkey Protection of Personal Data Draft Law
A policy for protection of personal information, in accordance with Turkey's "Protection of Personal Data" Draft Law. The rules for this policy are:
*
Turkey Protection of Personal Data Draft Law: TC Kimlik
*
Turkey Protection of Personal Data Draft Law: TC Kimlik one support
*
Turkey Protection of Personal Data Draft Law: TC Kimlik and CCN
*
Turkey Protection of Personal Data Draft Law: Spreadsheets
*
Turkey Protection of Personal Data Draft Law: Confidential in Header Footer
*
Turkey Protection of Personal Data Draft Law: Passport Number (Default)
*
Turkey Protection of Personal Data Draft Law: Passport Number (Wide)
*
Turkey Protection of Personal Data Draft Law: Phone Number (Default)
*
Turkey Protection of Personal Data Draft Law: Phone Number (Wide)
United States of America - State Privacy Regulations
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
Policies for promoting compliance with various states' privacy regulations
*
Alabama Information ProtectionKentucky Data Breach Notification
*
Alaska Personal Information Protection Act
*
Arizona Data Breach Notification Law
*
Arkansas Personal Information Protection Act
*
California Consumer Privacy Act (CCPA)
*
Colorado Consumer Protection Act
*
Connecticut Data Breach Notification Act
*
Delaware Data Breach Notification
*
District of Columbia Security Breach Notification Act
*
Florida Information Protection Act
*
Georgia Personal Data Security Act
*
Hawaii Security Breach of Personal Information
*
Idaho Data Breach Notification
*
Illinois Personal Information Protection Act
*
Indiana Disclosure of Security Breach law
*
Iowa Data Breach Notification Law
*
Kansas Protection of Consumer Information
*
Kentucky Data Breach Notification
*
Louisiana Data Breach Notification
*
Maine Data Breach Notification Law
*
Maryland Personal Information Protection Act
*
Massachusetts Protection of Personal Information
*
Michigan Identity Theft Protection Act
*
Minnesota Data Breach Notification
*
Mississippi Data Breach Notification
*
Missouri Breach Notification Law
*
Montana Data Breach Notification Statute
*
Nebraska Notification of Data Security Breach Act
*
Nevada Security of Personal Information
*
New Hampshire Notice of Security Breach
*
New Jersey Personal Information and Privacy Protection Act
*
New Mexico Data Breach Notification Act
*
New York Data Security Act
*
North Carolina Identity Theft Protection Act
*
North Dakota Data Breach Notification
*
Ohio Data Security Breach Notification Law
*
Oklahoma Security Breach Notification Act
*
Oregon Consumer Identity Theft Protection Act
*
Pennsylvania Breach of Personal Information Notification Act
*
Puerto Rico Data Breach Notification
*
Rhode Island Identity Theft Protection Act
*
South Carolina Data Breach Notification
*
South Dakota Medical Records Law
*
Tennessee Data Breach Notification
*
Texas Identity Theft Enforcement and Protection Act
*
Utah Protection of Personal Information Act
*
Vermont Security Breach Notice Act
*
Virginia Data Breach Notification
*
Washington Data Breach Notification
*
West Virginia Consumer Credit and Protection Act
*
Wisconsin Data Breach Notification
*
Wyoming Data Breach Notification
Alabama Information Protection
Alabama standard 681S2-00 requires that executive branch agencies, boards, and commissions shall identify Personally Identifiable Information (PII), evaluate the risk and impact of loss or unauthorized disclosure of PII, and implement PII confidentiality safeguards. The policy detects combinations of PII like social security and credit card numbers. Additional rules detect passwords. The rules for this policy are:
*
Alabama Information Protection: Account and Password
*
Alabama Information Protection: Name and CCN
*
Alabama Information Protection: Name and Password (Wide)
*
Alabama Information Protection: Name and Password (Default)
*
Alabama Information Protection: Name and Password (Narrow)
*
Alabama Information Protection: Name and SSN
*
Alabama Information Protection: Password Dissemination for HTTP Traffic (Wide)
*
Alabama Information Protection: Password Dissemination for HTTP Traffic (Default)
*
Alabama Information Protection: Password Dissemination for HTTP Traffic (Narrow)
Alaska Personal Information Protection Act
Alaska HB 65 of 2008 notifies consumers when a data breach concerning personal information has occurred. Personal information is defined to include unencrypted information on an individual, which consists of the individual's name and one or more of several other pieces of information, including social security number, driver's license number, account number, password, or other access codes. The policy detects combinations of full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
Alaska Personal Information Protection Act: Name and SSN
*
Alaska Personal Information Protection Act: Name and DL
*
Alaska Personal Information Protection Act: Name and CCN
*
Alaska Personal Information Protection Act: Name and Password (Wide)
*
Alaska Personal Information Protection Act: Name and Password (Default)
*
Alaska Personal Information Protection Act: Name and Password (Narrow)
*
Alaska Personal Information Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Alaska Personal Information Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Alaska Personal Information Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Alaska Personal Information Protection Act: Account and Password
Arizona Data Breach Notification Law
Arizona SB 1338 of 2006 requires businesses to provide consumer notification of data breaches. It is applicable to any person that conducts business in Arizona and owns or licenses computerized data that includes personal information or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Arizona driver's license numbers. The rules for this policy are:
*
Arizona Data Breach Notification Law: SSN with AZ driver license
*
Arizona Data Breach Notification Law: SSN with CCN
Arkansas Personal Information Protection Act
Arkansas SB 1167 of 2005 requires organizations to protect personal information of Arkansas residents (including personal health information) and to inform Arkansas customers when their private information is disclosed during a security breach. The policy comprises rules that detect combinations of personally identifiable information with sensitive information such as protected health information, credit card numbers, or passwords. The rules for this policy are:
*
Arkansas SB 1167: Arkansas Driver License with Sensitive Disease or Drug
*
Arkansas Personal Information Protection Act: CCN with Arkansas Driver License
*
Arkansas Personal Information Protection Act: Names with Sensitive Disease or Drug (Default)
*
Arkansas Personal Information Protection Act: Names with Sensitive disease or drug (Narrow)
*
Arkansas Personal Information Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Arkansas Personal Information Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Arkansas Personal Information Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Arkansas Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
Arkansas Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
Arkansas Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
Arkansas Personal Information Protection Act: SSN with CCN
*
Arkansas Personal Information Protection Act: SSN with Sensitive Disease or Drug
California Consumer Privacy Act (CCPA)
*
The 'California Consumer Privacy Act of 2018' (CCPA) protects the personal information collected by businesses. Businesses in violation of the act shall be liable for a civil penalty. The policy detects personally identifiable information (PII), such as social security numbers, and credit card numbers. The policy also covers previous Californian privacy regulations, such as California SB 1386 of 2003, California AB 1950 of 2004 and AB-1298 of 2017.
*
The rules for this policy are:
*
California Consumer Privacy Act: California Driver License and Sensitive Disease or Drug
*
California Consumer Privacy Act: CCN (Default)
*
California Consumer Privacy Act: CCN (Narrow)
*
California Consumer Privacy Act: CCN and California Driver License Number
*
California Consumer Privacy Act: CCN and Sensitive Disease or Drug
*
California Consumer Privacy Act: Celebrity Name and Sensitive Disease or Drug
*
California Consumer Privacy Act: Celebrity Name and Common Medical Condition
*
California Consumer Privacy Act: CCN and Common Medical Condition
*
California Consumer Privacy Act: DNA Profile
*
California Consumer Privacy Act: ICD9 Code and Name
*
California Consumer Privacy Act: ICD9 Description and Name
*
California Consumer Privacy Act: ICD10 Code and Name
*
California Consumer Privacy Act: ICD10 Description and Name
*
California Consumer Privacy Act: Name and Common Medical Condition (Default)
*
California Consumer Privacy Act: Name and Common Medical Condition (Narrow)
*
California Consumer Privacy Act: Name and HICN
*
California Consumer Privacy Act: Name and Sensitive Disease or Drug (Default)
*
California Consumer Privacy Act: Name and Sensitive Disease or Drug (Narrow)
*
California Consumer Privacy Act: SSN
*
California Consumer Privacy Act: SSN and Common Medical Condition
*
California Consumer Privacy Act: SSN and Sensitive Disease or Drug
*
California Consumer Privacy Act: SSN and California Driver License Number
*
California Consumer Privacy Act: SSN and CCN
*
California Consumer Privacy Act: Name and MBI (Default)
*
California Consumer Privacy Act: Name and MBI (Wide)
Colorado Consumer Protection Act
Colorado HB 06-1119 of 2006 requires that an individual or commercial entity that conducts business in Colorado and that owns or licenses computerized data that includes personal information about a resident of Colorado shall, when it becomes aware of a breach of the security of the system, conduct in good faith a prompt investigation to determine the likelihood that personal information has been or will be misused. The individual or the commercial entity shall give notice as soon as possible to the affected Colorado residents unless the investigation determines that the misuse of information about a Colorado resident has not occurred and is not reasonably likely to occur. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Colorado Consumer Protection Act: SSN: with Colorado driver license
*
Colorado Consumer Protection Act: SSN with CCN
*
Colorado Consumer Protection Act: Name with SSN
*
Colorado Consumer Protection Act: Name with Colorado driver license
*
Colorado Consumer Protection Act: Name with CCN
*
Colorado Consumer Protection Act: SSN with DNA profile
Connecticut Data Breach Notification Act
Connecticut SB 650 of 2006 requires that any person who conducts business in this state, and who, in the ordinary course of such person's business, owns, licenses or maintains computerized data that includes personal information, shall provide notice of any breach of security, following the discovery of the breach, to any resident of this state whose personal information was breached or is reasonably believed to have been breached. Such notice shall be made without unreasonable delay but not later than ninety days after the discovery of such breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Connecticut Data Breach Notification Act: Name and SSN
*
Connecticut Data Breach Notification Act: Name and DL
*
Connecticut Data Breach Notification Act: Name and CCN
*
Connecticut Data Breach Notification Act: Name and Password (Wide)
*
Connecticut Data Breach Notification Act: Name and Password (Default)
*
Connecticut Data Breach Notification Act: Name and Password (Narrow)
*
Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
*
Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
*
Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)
*
Connecticut Data Breach Notification Act: Account and Password
Delaware Data Breach Notification
Delaware HB 116 of 2005 requires that any person who conducts business in this State and who owns, licenses, or maintains computerized data that includes personal information shall provide notice of any breach of security, following determination of the breach of security, to any resident of this state whose personal information was breached or is reasonably believed to have been breached; unless, after an appropriate investigation, the person reasonably determines that the breach of security is unlikely to result in harm to the individuals whose personal information has been breached. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Delaware Data Breach Notification: Name and SSN
*
Delaware Data Breach Notification: Name and CCN
*
Delaware Data Breach Notification: Name and Password (Wide)
*
Delaware Data Breach Notification: Name and Password (Default)
*
Delaware Data Breach Notification: Name and Password (Narrow)
*
Delaware Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Delaware Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Delaware Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
*
Delaware Data Breach Notification: Account and Password
*
Delaware Data Breach Notification: Credit cards and Sensitive Disease or drug
*
Delaware Data Breach Notification: Credit Card and Common Medical Condition
District of Columbia Security Breach Notification Act
District of Columbia CB 16-810, signed into law as the Consumer Personal Information Security Breach Notification Act in 2007, requires any person or entity who conducts business in the District of Columbia, and who, in the course of such business, owns or licenses computerized or other electronic data that includes personal information, and who discovers a breach of the security of the system, shall promptly notify any District of Columbia resident whose personal information was included in the breach. The notification shall be made n the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (d) of this section, and with any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
District of Columbia Security Breach Notification Act: Name and SSN
*
District of Columbia Security Breach Notification Act: Name and DL
*
District of Columbia Security Breach Notification Act: Name and CCN
*
District of Columbia Security Breach Notification Act: Name and Password (Wide)
*
District of Columbia Security Breach Notification Act: Name and Password (Default)
*
District of Columbia Security Breach Notification Act: Name and Password (Narrow)
*
District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
*
District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
*
District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)
Florida Information Protection Act
Florida SB 1524 of 2014 requires that a corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information shall provide notice to the department of any breach of security affecting 500 of more individuals in this state. Such notice must be provided to the department as expeditiously as practicable, but no later than 30 days after the determination of the breach or reason to believe a breach occurred. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. Additional rules protect passwords. The rules for this policy are:
*
Florida Information Protection Act: SSN with CCN
*
Florida Information Protection Act: CCN with FL Driver License
*
Florida Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
Florida Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
Florida Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
Georgia Personal Data Security Act
Georgia SB 230 of 2005 requires that in the vent of a breach of the security of the system, which system is maintained by a third-party agent for a covered entity, the third-party agent shall notify the covered entity of such breach as expeditiously as practicable but no later than 72 hours after the determination of such breach or reason to believe such breach has occurred. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. Additional rules detect passwords. The rules for this policy are:
*
Georgia Personal Data Security Act: SSN with CCN
*
Georgia Personal Data Security Act: CCN with GA Driver License
*
Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Wide)
*
Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Default)
*
Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Narrow)
*
Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
Hawaii Security Breach of Personal Information
Hawaii SB 2290 of 2007 requires that any business that owns or licenses personal information of residents of Hawaii, any business that conducts business in Hawaii that owns or licenses personal information in any form (whether computerized, paper, or otherwise), or any government agency that collects personal information for specific government purposes shall provide notice to the affected person that there has been a security breach, following discovery or notification of the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
Hawaii Security Breach of Personal Information: Name and SSN
*
Hawaii Security Breach of Personal Information: Name and DL
*
Hawaii Security Breach of Personal Information: Name and CCN
*
Hawaii Security Breach of Personal Information: Name and Password (Wide)
*
Hawaii Security Breach of Personal Information: Name and Password (Default)
*
Hawaii Security Breach of Personal Information: Name and Password (Narrow)
*
Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Wide)
*
Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Default)
*
Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Narrow)
*
Hawaii Security Breach of Personal Information: Account and Password
Idaho Data Breach Notification
Idaho SB 1374 of 2006 requires a city, county, or stage agency, individual, or commercial entity that conducts business in Idaho and that owns or licenses computerized data that includes personal information about a resident of Idaho shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information about an Idaho resident has occurred or is reasonably likely to occur, the agency, individual, or commercial entity shall give notice as soon as possible to the affected Idaho resident. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
Idaho Data Breach Notification: Name and SSN
*
Idaho Data Breach Notification: Name and DL
*
Idaho Data Breach Notification: Name and CCN
*
Idaho Data Breach Notification: Name and Password (Wide)
*
Idaho Data Breach Notification: Name and Password (Default)
*
Idaho Data Breach Notification: Name and Password (Narrow)
*
Idaho Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Idaho Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Idaho Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
*
Idaho Data Breach Notification: Account and Password
Illinois Personal Information Protection Act
Illinois HB 1633 of 2006 requires data collectors to provide notification of a security breach after discovery, even if data has not been accessed by unauthorized persons. This state law affects all data collectors that own or license personal information (PI), or maintains computerized data that includes PI. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, state ID, and driver's license numbers. Additional rules detect passwords. The rules for this policy are:
*
Illinois Personal Information Protection Act: SSN with CCN
*
Illinois Personal Information Protection Act: CCN with Illinois Driver License
*
Illinois Personal Information Protection Act: CCN with Illinois State ID
*
Illinois Personal Information Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Illinois Personal Information Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Illinois Personal Information Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Illinois Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
Illinois Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
Illinois Personal Information Protection Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
Indiana Disclosure of Security Breach law
Indiana SB 503 of 2006 requires that after discovering or being notified of a breach of the security of data, database owners shall disclose the breach to an Indiana resident whose: (1) unencrypted personal information was or may have been acquired by an unauthorized person; or (2) encrypted personal information was or may have been acquired by an unauthorized person with access to the encryption key; if the database owners know, should know, or should have known that the unauthorized acquisition constituting the breach has resulted in or could result in identity deception, identity theft, or fraud affecting the Indiana resident. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Indiana Disclosure of Security Breach law: Name and SSN
*
Indiana Disclosure of Security Breach law: Name and DL
*
Indiana Disclosure of Security Breach law: Name and CCN
*
Indiana Disclosure of Security Breach law: Name and Password (Wide)
*
Indiana Disclosure of Security Breach law: Name and Password (Default)
*
Indiana Disclosure of Security Breach law: Name and Password (Narrow)
*
Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Wide)
*
Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Default)
*
Indiana Disclosure of Security Breach law: Password Dissemination for HTTP Traffic (Narrow)
*
Indiana Disclosure of Security Breach law: Account and Password
Iowa Data Breach Notification Law
Iowa S.F. 2308 of 2008 requires that any person who owns or licenses computerized data that includes a consumer's personal information that is used in the course of the person's business, vocation, occupation, or volunteer activities and that was subject to a breach of security shall give notice of the breach of security, following discovery of such breach of security, to any consumer whose personal information was included in the information that was breached. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Iowa Data Breach Notification Law: Name and SSN
*
Iowa Data Breach Notification Law: Name and DL
*
Iowa Data Breach Notification Law: Name and CCN
*
Iowa Data Breach Notification Law: Name and Password (Wide)
*
Iowa Data Breach Notification Law: Name and Password (Default)
*
Iowa Data Breach Notification Law: Name and Password (Narrow)
*
Iowa Data Breach Notification Law: Password Dissemination for HTTP Traffic (Wide)
*
Iowa Data Breach Notification Law: Password Dissemination for HTTP Traffic (Default)
*
Iowa Data Breach Notification Law: Password Dissemination for HTTP Traffic (Narrow)
*
Iowa Data Breach Notification Law: DNA profile
Kansas Protection of Consumer Information
Kansas SB 196 requires that a person that conducts business in this state, or a government, governmental subdivision, or agency that owns or licenses computerized data that includes personal information shall, when it becomes aware of any breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information has occurred or is reasonably likely to occur, the person or government, governmental subdivision, or agency shall give notice as soon as possible to the affected Kansas resident. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Kansas Protection of Consumer Information: Name and SSN
*
Kansas Protection of Consumer Information: Name and DL
*
Kansas Protection of Consumer Information: Name and CCN
*
Kansas Protection of Consumer Information: Name and Password (Wide)
*
Kansas Protection of Consumer Information: Name and Password (Default)
*
Kansas Protection of Consumer Information: Name and Password (Narrow)
*
Kansas Protection of Consumer Information: Password Dissemination for HTTP Traffic (Wide)
*
Kansas Protection of Consumer Information: Password Dissemination for HTTP Traffic (Default)
*
Kansas Protection of Consumer Information: Password Dissemination for HTTP Traffic (Narrow)
*
Kansas Protection of Consumer Information: Account and Password
Kentucky Data Breach Notification
Kentucky HB 232, signed into law in 2014, requires any person or business entity that conducts business in Kentucky to provide notification in case of an unauthorized acquisition of unencrypted, unredacted computerized data that compromises the security, confidentiality, or integrity of personally identifiable information (PII) maintained by the information holder as part of a database regarding multiple individuals that causes or leads the information holder to believe has caused or will cause identity theft or fraud against a Kentucky resident. Upon notification or discovery of a breach of the security of the system, an information holder must notify any resident of Kentucky whose unencrypted information was or is reasonably believed to have been acquired by an unauthorized person. It is applicable to any person that conducts business in the state and owns or licenses computerized data or maintains such data. The policy detects combinations of PII like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Kentucky Data Breach Notification: Account and Password
*
Kentucky Data Breach Notification: Name and CCN
*
Kentucky Data Breach Notification: Name and Password (Wide)
*
Kentucky Data Breach Notification: Name and Password (Default)
*
Kentucky Data Breach Notification: Name and Password (Narrow)
*
Kentucky Data Breach Notification: Name and SSN
*
Kentucky Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Kentucky Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Kentucky Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
Louisiana Data Breach Notification
Louisiana SB 205 of 2006 demands notification to any Louisiana resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person as a result of a security breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Louisiana Data Breach Notification: Name and SSN
*
Louisiana Data Breach Notification: Name and DL
*
Louisiana Data Breach Notification: Name and CCN
*
Louisiana Data Breach Notification: Name and Password (Wide)
*
Louisiana Data Breach Notification: Name and Password (Default)
*
Louisiana Data Breach Notification: Name and Password (Narrow)
*
Louisiana Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Louisiana Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Louisiana Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
*
Louisiana Data Breach Notification: Account and Password
Maine Data Breach Notification Law
Maine LD 1671 of 2006 requires that an information broker that maintains computerized data that includes personal information that becomes aware of a breach of the security of the system shall conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused, and shall give notice of a breach of the security of the system, following discovery or notification of the security breach, to a resident of this state whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Maine Data Breach Notification Law: Name and SSN
*
Maine Data Breach Notification Law: Name and DL
*
Maine Data Breach Notification Law: Name and CCN
*
Maine Data Breach Notification Law: Name and Password (Wide)
*
Maine Data Breach Notification Law: Name and Password (Default)
*
Maine Data Breach Notification Law: (Narrow)
*
Maine Data Breach Notification Law: Password Dissemination for HTTP Traffic (Wide)
*
Maine Data Breach Notification Law: Password Dissemination for HTTP Traffic (Default)
*
Maine Data Breach Notification Law: Password Dissemination for HTTP Traffic (Narrow)
*
Maine Data Breach Notification Law: Account and Password
Maryland Personal Information Protection Act
Maryland HB 208 of 2008 requires that a business that owns or licenses computerized data that includes personal information of an individual residing in the state, when it discovers or is notified of a breach of the security of a system, shall conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information of the individual has been or will be misused as a result of the breach. It is applicable to any person that conducts business in the state and owns or licenses computerized data or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Maryland Personal Information Protection Act: Name and SSN
*
Maryland Personal Information Protection Act: Name and DL
*
Maryland Personal Information Protection Act: Name and CCN
*
Maryland Personal Information Protection Act: Name and Password (Wide)
*
Maryland Personal Information Protection Act: Name and Password (Default)
*
Maryland Personal Information Protection Act: Name and Password (Narrow)
*
Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Maryland Personal Information Protection Act: Account and Password
Massachusetts Protection of Personal Information
Massachusetts 201 CMR 17 requires that every person that owns or licenses personal information about a resident of the Commonwealth shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope, and type of business of the person obligated to safeguard the personal information under such comprehensive information security program; (b) the amount of resources available to such person; (c) the amount of stored data; and (d) the need for security and confidentiality of both consumer and employee information. The safeguards contained in such program must be consistent with the safeguards for protection of personal information and information of a similar character set forth in any state or federal regulations by which the person who owns or licenses such information may be regulated. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Massachusetts Protection of Personal Information: Name and SSN
*
Massachusetts Protection of Personal Information: Name and SSN (Wide)
*
Massachusetts Protection of Personal Information: Name and DL
*
Massachusetts Protection of Personal Information: Name and DL (Wide)
*
Massachusetts Protection of Personal Information: Name and CCN
*
Massachusetts Protection of Personal Information: Name and CCN (Wide)
*
Massachusetts Protection of Personal Information: Name and ID
*
Massachusetts Protection of Personal Information: Name and Password (Wide)
*
Massachusetts Protection of Personal Information: Name and Password (Default)
*
Massachusetts Protection of Personal Information: Name and Password (Narrow)
*
Massachusetts Protection of Personal Information: Name with Account and Password
*
Massachusetts Protection of Personal Information: Account and Password
*
Massachusetts Protection of Personal Information: Password Dissemination for HTTP Traffic (Wide)
*
Massachusetts Protection of Personal Information: Password Dissemination for HTTP Traffic (Default)
*
Massachusetts Protection of Personal Information: Password Dissemination for HTTP Traffic (Narrow)
Michigan Identity Theft Protection Act
Michigan HB 4658 of 2007 requires, unless the person or agency determines that the security breach has not or is not likely to cause substantial loss or injury to, or result in identity theft with respect to, one ore more residents of this state, a person or agency that owns or licenses data that are included in a database that discovers a security breach, or receives notice of a security breach, shall provide a notice of the security breach to each resident of this state. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Michigan Identity Theft Protection Act: SSN
*
Michigan Identity Theft Protection Act: SSN with CCN
*
Michigan Identity Theft Protection Act: SSN with Michigan DL
*
Michigan Identity Theft Protection Act: SSN with Account Number
*
Michigan Identity Theft Protection Act: SSN with PIN Number
*
Michigan Identity Theft Protection Act: SSN and Password (Wide)
*
Michigan Identity Theft Protection Act: SSN and Password (Default)
*
Michigan Identity Theft Protection Act: SSN and Password (Narrow)
*
Michigan Identity Theft Protection Act: SSN with DNA profile
Minnesota Data Breach Notification
Minnesota HF 2121 of 2006 requires that any person or business that conducts business in this state, and that owns or licenses data that includes personal information, shall disclose any breach of the security of the system, following discovery or notification of the breach in the security of the data, to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in paragraph (c), or with any measures necessary to determine the scope of the breach, identify the individuals affected, and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Minnesota Data Breach Notification: Name with CCN
*
Minnesota Data Breach Notification: Name with Minnesota driver license
*
Minnesota Data Breach Notification: Name with SSN
*
Minnesota Data Breach Notification: SSN with CCN
*
Minnesota Data Breach Notification: SSN with DNA profile
*
Minnesota Data Breach Notification: SSN with MN driver license
Mississippi Data Breach Notification
Mississippi HB 583 of 2010 requires that consumers are notified promptly if the security of their information has been compromised, and gives the public the right to freeze their credit files if they become a victim of identity theft. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Mississippi Data Breach Notification: Account and Password
*
Mississippi Data Breach Notification: Name and CCN
*
Mississippi Data Breach Notification: Name and Password (Wide)
*
Mississippi Data Breach Notification: Name and Password (Default)
*
Mississippi Data Breach Notification: Name and Password (Narrow)
*
Mississippi Data Breach Notification: Name and SSN
*
Mississippi Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Mississippi Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Mississippi Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
Missouri Breach Notification Law
Missouri HB 62 of 2009 requires that any person that owns or licenses personal information of residents of Missouri or any person that conducts business in Missouri that owns or licenses personal information in any form of a resident of Missouri shall provide notice to the affected consumer that there has been a breach of security, following discovery or notification of the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Missouri Breach Notification Law: Name and SSN
*
Missouri Breach Notification Law: Name and DL
*
Missouri Breach Notification Law: Name and CCN
*
Missouri Breach Notification Law: Name and Password (Wide)
*
Missouri Breach Notification Law: Name and Password (Default)
*
Missouri Breach Notification Law: Name and Password (Narrow)
*
Missouri Breach Notification Law: Password Dissemination for HTTP Traffic (Wide)
*
Missouri Breach Notification Law: Password Dissemination for HTTP Traffic (Default)
*
Missouri Breach Notification Law: Password Dissemination for HTTP Traffic (Narrow)
*
Missouri Breach Notification Law: Account and Password
*
Missouri Breach Notification Law: ICD10 Descriptions and US full names
*
Missouri Breach Notification Law: Name and Sensitive Disease or drug
Montana Data Breach Notification Statute
Montana HB 732 of 2005 requires that any person or business that conducts business in Montana and that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the data system, following discovery or notification of the breach, to any resident of Montana whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Montana Data Breach Notification Statute: Name and SSN
*
Montana Data Breach Notification Statute: Name and DL
*
Montana Data Breach Notification Statute: Name and CCN
*
Montana Data Breach Notification Statute: Name and Password (Wide)
*
Montana Data Breach Notification Statute: Name and Password (Default)
*
Montana Data Breach Notification Statute: Name and Password (Narrow)
*
Montana Data Breach Notification Statute: Password Dissemination for HTTP Traffic (Wide)
*
Montana Data Breach Notification Statute: Password Dissemination for HTTP Traffic (Default)
*
Montana Data Breach Notification Statute: Password Dissemination for HTTP Traffic (Narrow)
*
Montana Data Breach Notification Statute: Account and Password
Nebraska Notification of Data Security Breach Act
Nebraska LB 876, which was signed into law on April 13, 2006, requires that an individual or a commercial entity that conducts business in Nebraska and that owns or licenses computerized data that includes personal information about a resident of Nebraska shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be used for an unauthorized purpose. If the investigation determines that the use of information about a Nebraska resident for an unauthorized purpose has occurred or is reasonably likely to occur, the individual or commercial entity shall give notice to the affected Nebraska resident. Notice shall be made as soon as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Nebraska Notification of Data Security Breach Act: Account and Password
*
Nebraska Notification of Data Security Breach Act: Name and CCN
*
Nebraska Notification of Data Security Breach Act: Name and Password (Wide)
*
Nebraska Notification of Data Security Breach Act: Name and Password (Default)
*
Nebraska Notification of Data Security Breach Act: Name and Password (Narrow)
*
Nebraska Notification of Data Security Breach Act: Name and SSN
*
Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Wide)
*
Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Default)
*
Nebraska Notification of Data Security Breach Act: Password Dissemination for HTTP Traffic (Narrow)
Nevada Security of Personal Information
Nevada SB SB 347 of 2006 requires that data collectors that maintain records that contain personal information of a resident of this state shall implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Nevada Security of Personal Information: Name and SSN
*
Nevada Security of Personal Information: Name and SSN (Wide)
*
Nevada Security of Personal Information: Name and DL
*
Nevada Security of Personal Information: Name and DL (Wide)
*
Nevada Security of Personal Information: Name and CCN
*
Nevada Security of Personal Information: Name and CCN (Wide)
*
Nevada Security of Personal Information: Name and ID
*
Nevada Security of Personal Information: Name and Password (Wide)
*
Nevada Security of Personal Information: Name and Password (Default)
*
Nevada Security of Personal Information: Name and Password (Narrow)
*
Nevada Security of Personal Information: Name with Account and Password
*
Nevada Security of Personal Information: Account and Password
*
Nevada Security of Personal Information: Password Dissemination for HTTP Traffic (Wide)
*
Nevada Security of Personal Information: Password Dissemination for HTTP Traffic (Default)
*
Nevada Security of Personal Information: Password Dissemination for HTTP Traffic (Narrow)
New Hampshire Notice of Security Breach
New Hampshire HB 1660 of 2007 requires businesses who own or license computerized data that includes personal information shall, when they become aware of a security breach, promptly determine the likelihood that the information has been or will be misused. If the determination is that misuse of the information has occurred or is reasonably likely to occur, or if a determination cannot be made, businesses shall notify the affected individuals as soon as possible. Personal information is considered the customer's full name in combination with any of the following: social security number, driver's license number, or financial account information. The policy detects a combination of full names with social security, driver's license, or credit card numbers. Additional rules detect passwords and account numbers. The rules for this policy are:
*
New Hampshire Notice of Security Breach: Name and SSN
*
New Hampshire Notice of Security Breach: Name and DL
*
New Hampshire Notice of Security Breach: Name and CCN
*
New Hampshire Notice of Security Breach: Name and Password (Wide)
*
New Hampshire Notice of Security Breach: Name and Password (Default)
*
New Hampshire Notice of Security Breach: Name and Password (Narrow)
*
New Hampshire Notice of Security Breach: Password Dissemination for HTTP Traffic (Wide)
*
New Hampshire Notice of Security Breach: Password Dissemination for HTTP Traffic (Default)
*
New Hampshire Notice of Security Breach: Password Dissemination for HTTP Traffic (Narrow)
*
New Hampshire Notice of Security Breach: Account and Password
New Jersey Personal Information and Privacy Protection Act
New Jersey A 4001 requires that any business or public entity required under this section to disclose a breach of security of a customer's personal information shall, in advance of the disclosure to the customer, report the breach of security and any information pertaining to the breach to the Division of State Police in the Department of Law and Public Safety for investigation or handling, which may include dissemination or referral to other appropriate law enforcement entities. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
New Jersey Personal Information and Privacy Protection Act: SSN with CCN
*
New Jersey Personal Information and Privacy Protection Act: CCN with NJ Driver License
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for HTTP Traffic (Default)
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
New Jersey Personal Information and Privacy Protection Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
New Mexico Data Breach Notification Act
New Mexico HB 15 of 2017 requires that any person that is licensed to maintain or possess computerized data containing personal identifying information of a New Mexico resident that the person does not own or license shall notify the owner or licensee of the information of any security breach in the most expedient time possible. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
New Mexico Data Breach Notification Act: Account and Password
*
New Mexico Data Breach Notification Act: DNA profile
*
New Mexico Data Breach Notification Act: Name and CCN
*
New Mexico Data Breach Notification Act: Name and Password (Wide)
*
New Mexico Data Breach Notification Act: Name and Password (Default)
*
New Mexico Data Breach Notification Act: Name and Password (Narrow)
*
New Mexico Data Breach Notification Act: Name and SSN
*
New Mexico Data Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
*
New Mexico Data Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
*
New Mexico Data Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)
New York Data Security Act
New York A 4254 of 2005 provides that in the event of unauthorized access to "private information," defined as personal information in combination with a social security number, driver's license, or an account or credit card number, the business or state entity is required to notify affected customers and inform appropriate authorities. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
New York Data Security Act: SSN: with NY driver license
*
New York Data Security Act: SSN with CCN
*
New York Data Security Act: Name with SSN
*
New York Data Security Act: Name with New-York driver license
*
New York Data Security Act: Name with CCN
*
New York Data Security Act: SSN with DNA profile
North Carolina Identity Theft Protection Act
North Carolina SB 1048 of 2005 requires that any business that owns or licenses personal information of residents of North Carolina or any business that conducts business in North Carolina that owns or licenses personal information in any form (whether computerized, paper, or otherwise) shall provide notice to the affected person that there has been a security breach, following discovery or notification of the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
North Carolina Identity Theft Protection Act: Name and SSN
*
North Carolina Identity Theft Protection Act: Name and DL
*
North Carolina Identity Theft Protection Act: Name and CCN
North Dakota Data Breach Notification
North Dakota Data Breach Notification, amended in 2017 by HB 1088, requires any person that owns or licenses computerized data that includes personal information, to disclose any breach of the security system, following discovery or notification of the breach in the security of the data, to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
North Dakota Data Breach Notification: Account and Password
*
North Dakota Data Breach Notification: Name and CCN
*
North Dakota Data Breach Notification: Name and Password (Wide)
*
North Dakota Data Breach Notification: Name and Password (Default)
*
North Dakota Data Breach Notification: Name and Password (Narrow)
*
North Dakota Data Breach Notification: Name and SSN
*
North Dakota Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
North Dakota Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
North Dakota Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
Ohio Data Security Breach Notification Law
Ohio HB 104 of 2005 requires that any person that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system, following its discovery or notification of the breach of the security of the system, to any resident of this state whose personal information was, or reasonably is believed to have been, accessed and acquired by an unauthorized person if the access and acquisition by the unauthorized person causes, or is reasonably believed will cause, a material risk of identity theft or other fraud to the resident. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Ohio Data Security Breach Notification Law: Name and SSN
*
Ohio Data Security Breach Notification Law: Name and DL
*
Ohio Data Security Breach Notification Law: Name and CCN
*
Ohio Data Security Breach Notification Law: Name and Password (Wide)
*
Ohio Data Security Breach Notification Law: Name and Password (Default)
*
Ohio Data Security Breach Notification Law: Name and Password (Narrow)
*
Ohio Data Security Breach Notification Law: Password Dissemination for HTTP Traffic (Wide)
*
Ohio Data Security Breach Notification Law: Password Dissemination for HTTP Traffic (Default)
*
Ohio Data Security Breach Notification Law: Password Dissemination for HTTP Traffic (Narrow)
Oklahoma Security Breach Notification Act
Oklahoma HB 2357 of 2006 requires that if you maintain, as part of a database, a consumer's name and other personal identification numbers (i.e., SSN, driver's license, credit card, or financial information with a personal security code) that such information must be encrypted or redacted so that in the event of a breach, such information cannot be obtained and used by a third party. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Oklahoma Security Breach Notification Act: Name and SSN
*
Oklahoma Security Breach Notification Act: Name and DL
*
Oklahoma Security Breach Notification Act: Name and CCN
*
Oklahoma Security Breach Notification Act: Name and Password (Wide)
*
Oklahoma Security Breach Notification Act: Name and Password (Default)
*
Oklahoma Security Breach Notification Act: Name and Password (Narrow)
*
Oklahoma Security Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
*
Oklahoma Security Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
*
Oklahoma Security Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)
*
Oklahoma Security Breach Notification Act: Account and Password
Oregon Consumer Identity Theft Protection Act
Oregon SB 583 of 2007 requires that a person that owns or licenses personal information that the person uses in the course of the person's business, vocation, occupation, or volunteer activities and that was subject to a breach of security shall give notice of the breach of security to a) the consumer to whom the personal information pertains; b) the Attorney General, either in writing or electronically, if the number of consumers to whom the person must send the notice exceeds 250. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. Additional rules detect passwords and account numbers.The rules for this policy are:
*
Oregon Consumer Identity Theft Protection Act: Name and SSN
*
Oregon Consumer Identity Theft Protection Act: Name and DL
*
Oregon Consumer Identity Theft Protection Act: Name and CCN
*
Oregon Consumer Identity Theft Protection Act: Name and Password (Wide)
*
Oregon Consumer Identity Theft Protection Act: Name and Password (Default)
*
Oregon Consumer Identity Theft Protection Act: Name and Password (Narrow)
*
Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Oregon Consumer Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Oregon Consumer Identity Theft Protection Act: Account and Password
Pennsylvania Breach of Personal Information Notification Act
Pennsylvania SBG 712 of 2006 requires that an entity that maintains, stores, or manages computerized data that includes personal information shall provide notice of any breach of the security of the system, following discovery of the breach of the security of the system, to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Pennsylvania Breach of Personal Information Act: Name and SSN
*
Pennsylvania Breach of Personal Information Act: Name and DL
*
Pennsylvania Breach of Personal Information Act: Name and CCN
*
Pennsylvania Breach of Personal Information Act: Name and Password (Wide)
*
Pennsylvania Breach of Personal Information Act: Name and Password (Default)
*
Pennsylvania Breach of Personal Information Act: Name and Password (Narrow)
*
Pennsylvania Breach of Personal Information Act: Account and Password
*
Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Wide)
*
Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Default)
*
Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Narrow)
Puerto Rico Data Breach Notification
The Puerto Rico Citizen Information of Data Banks Security Act, originally HB 1184, signed into law in 2005, requires that any entity that is the proprietor or custodian of a data bank for commercial use that includes personal information of citizens who reside in Puerto Rico must notify said citizens of any violation of the system's security when the data bank whose security has been violated contains all or part of the personal information file and the same is not protected by a cryptographic code, but only by a password. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Puerto Rico Data Breach Notification: Account and Password
*
Puerto Rico Data Breach Notification: Name and CCN
*
Puerto Rico Data Breach Notification: Name and Password (Wide)
*
Puerto Rico Data Breach Notification: Name and Password (Default)
*
Puerto Rico Data Breach Notification: Name and Password (Narrow)
*
Puerto Rico Data Breach Notification: Name and SSN
*
Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
Rhode Island Identity Theft Protection Act
Rhode Island HB 6191 of 2006 requires that any municipal agency, state agency, or person that stores, owns, collects, processes, maintains, acquires, uses, or licenses data that includes personal information shall provide notification as set forth in this section of any disclosure of personal information, or any breach of the security of the system, that poses a significant risk of identity theft to any resident of Rhode Island whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person or entity. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Rhode Island Identity Theft Protection Act: Name and SSN
*
Rhode Island Identity Theft Protection Act: Name and DL
*
Rhode Island Identity Theft Protection Act: Name and CCN
*
Rhode Island Identity Theft Protection Act: Name and Password (Wide)
*
Rhode Island Identity Theft Protection Act: Name and Password (Default)
*
Rhode Island Identity Theft Protection Act: Name and Password (Narrow)
*
Rhode Island Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
Rhode Island Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Default)
*
Rhode Island Identity Theft Protection Act: Password Dissemination for HTTP Traffic (Narrow)
*
Rhode Island Identity Theft Protection Act: Account and Password
South Carolina Data Breach Notification
South Carolina SB 453 of 2008 requires that a person conducting business in this state, and owning or licensing computerized data or other data that includes personal identifying information, shall disclose a breach of the security of the system, following discovery or notification of the breach in the security of the data, to a resident of this State whose personal identifying information that was not rendered unusable through encryption, redaction, or other methods was, or is reasonably believed to have been, acquired by an unauthorized person when the illegal use of the information has occurred or is reasonably likely to occur, or use of the information creates a material risk of harm to the resident. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (C), or with measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
South Carolina Data Breach Notification: Account and Password
*
South Carolina Data Breach Notification: Name and CCN
*
South Carolina Data Breach Notification: Name and Password (Wide)
*
South Carolina Data Breach Notification: Name and Password (Default)
*
South Carolina Data Breach Notification: Name and Password (Narrow)
*
South Carolina Data Breach Notification: Name and SSN
*
South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
South Dakota Medical Records Law
Section 44:73:09:03 of the Administrative Rules of South Dakota requires there shall be written policies and procedures to govern the administration and activities of the medical record service. They shall include policies and procedures pertaining to the confidentiality and safeguarding of medical records, the record content, continuity of a resident's medical records during subsequent admissions, requirements for completion of the record, and the entries to be made by various authorized personnel. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
South Dakota Medical Records Law: ICD9 Code and Name
*
South Dakota Medical Records Law: ICD9 Description and Name
*
South Dakota Medical Records Law: ICD10 Code and Name
*
South Dakota Medical Records Law: ICD10 Description and Name
*
South Dakota Medical Records Law: Name and Common Medical Condition
*
South Dakota Medical Records Law: Name and HICN
*
South Dakota Medical Records Law: Name and MBI (Default)
*
South Dakota Medical Records Law: Name and MBI (Wide)
*
South Dakota Medical Records Law: Name and Sensitive Disease or Drug
*
South Dakota Medical Records Law: Name and SSN
Tennessee Data Breach Notification
Tennessee HB 2170 of 2005 requires that any information holder shall disclose any breach of the security of the system, following discovery or notification of the breach in the security of the data, to any resident of Tennessee whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (d), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Tennessee Data Breach Notification: Name and SSN
*
Tennessee Data Breach Notification: Name and DL
*
Tennessee Data Breach Notification: Name and CCN
*
Tennessee Data Breach Notification: Name and Password (Wide)
*
Tennessee Data Breach Notification: (Default)
*
Tennessee Data Breach Notification: (Narrow)
*
Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Tennessee Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
*
Tennessee Data Breach Notification: Account and Password
Texas Identity Theft Enforcement and Protection Act
Texas SB 122 of 2005 requires businesses to implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure of any sensitive personal information collected or maintained by the business in the regular course of business. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Texas Identity Theft Enforcement and Protection Act: SSN: with Texas driver license
*
Texas Identity Theft Enforcement and Protection Act: SSN with CCN
*
Texas Identity Theft Enforcement and Protection Act: Name with SSN
*
Texas Identity Theft Enforcement and Protection Act: Name with Texas driver license
*
Texas Identity Theft Enforcement and Protection Act: Name with CCN
*
Texas Identity Theft Enforcement and Protection Act: SSN with DNA profile
Utah Protection of Personal Information Act
Utah SB 69 of 2007 requires that 1) any person who conducts business in the state and maintains personal information shall implement and maintain reasonable procedures to prevent unlawful use or disclosure of personal information collected or maintained in the regular course of business. 2) a person who owns or licenses computerized data that includes personal information concerning a Utah resident shall, when the person becomes aware of a breach of system security, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused for identity theft or fraud purposes. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Utah Protection of Personal Information Act: SSN with CCN
*
Utah Protection of Personal Information Act: CCN with Utah Driver License
*
Utah Protection of Personal Information Act: SSN and Account number and Password
*
Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Wide)
*
Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Default)
*
Utah Protection of Personal Information Act: Password Dissemination for HTTP Traffic (Narrow
*
Utah Protection of Personal Information Act: Password Dissemination for non-HTTP/S Traffic (Wide)
*
Utah Protection of Personal Information Act: Password Dissemination for non-HTTP/S Traffic (Default)
*
Utah Protection of Personal Information Act: Password Dissemination for non-HTTP/S Traffic (Narrow)
Vermont Security Breach Notice Act
Vermont S 284 of 2007 requires any data collector that owns or licenses computerized personally identifiable information that includes personal information concerning a consumer shall notify the consumer that there has been a security breach following discovery or notification to the data collector of the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Vermont Security Breach Notice Act: Account and Password
*
Vermont Security Breach Notice Act: Name and CCN
*
Vermont Security Breach Notice Act: Name and Password (Wide)
*
Vermont Security Breach Notice Act: Name and Password (Default)
*
Vermont Security Breach Notice Act: Name and Password (Narrow)
*
Vermont Security Breach Notice Act: Name and SSN
*
Vermont Security Breach Notice Act: Password Dissemination for HTTP Traffic (Wide)
*
Vermont Security Breach Notice Act: Password Dissemination for HTTP Traffic (Default)
*
Vermont Security Breach Notice Act: Password Dissemination for HTTP Traffic (Narrow)
Virginia Data Breach Notification
Virginia SB 307 of 2008 requires that an individual or entity that maintains computerized data that includes personal information that the individual or entity does not own or license shall notify the owner or licensee with information about any breach of the security of the system without unreasonable delay following discovery of the breach of the security of the system, if the personal information was accessed and acquired by an unauthorized person or the individual or entity reasonable believes the personal information was accessed and acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Virginia Data Breach Notification: Name and SSN
*
Virginia Data Breach Notification: Name and DL
*
Virginia Data Breach Notification: Name and CCN
Washington Data Breach Notification
Washington SB 6043 requires any person or entity who conducts business in the state, and who, in the course of such business, owns or licenses computerized or other electronic data that includes personal information, and who discovers a breach of the security of the system, shall promptly notify any resident whose personal information was included in the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Washington Data Breach Notification: SSN: with WA driver license
*
Washington Data Breach Notification: SSN with CCN
*
Washington Data Breach Notification: Name with SSN
*
Washington Data Breach Notification: Name with Washington driver license
*
Washington Data Breach Notification: Name with CCN
*
Washington Data Breach Notification: SSN with DNA profile
West Virginia Consumer Credit and Protection Act
West Virginia SB 340 of 2008 requires that an individual or entity that owns or licenses computerized data that includes personal information shall give notice of any breach of the security of the system, following discovery or notification of the breach of the security of the system, to any resident of this state whose unencrypted and unredacted personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorized person and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of this state. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
West Virginia Consumer Credit and Protection Act: Account and Password
*
West Virginia Consumer Credit and Protection Act: Name and CCN
*
West Virginia Consumer Credit and Protection Act: Name and Password (Wide)
*
West Virginia Consumer Credit and Protection Act: Name and Password (Default)
*
West Virginia Consumer Credit and Protection Act: Name and Password (Narrow)
*
West Virginia Consumer Credit and Protection Act: Name and SSN
*
West Virginia Consumer Credit and Protection Act: Password Dissemination for HTTP Traffic (Wide)
*
West Virginia Consumer Credit and Protection Act: Password Dissemination for HTTP Traffic (Default)
*
West Virginia Consumer Credit and Protection Act: Password Dissemination for HTTP Traffic (Narrow)
Wisconsin Data Breach Notification
Wisconsin SB 164, signed into law in 2006 as Wisconsin Notice of Unauthorized Acquisition of Personal Information, states that if an entity whose principal place of business is located in this state or an entity that maintains or licenses personal information in this state knows that personal information in the entity's possession has been acquired by a person whom the entity knows has not been authorized to acquire the personal information, the entity shall make reasonable efforts to notify each subject of the personal information. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Wisconsin Data Breach Notification: SSN with CCN
*
Wisconsin Data Breach Notification: SSN with Wisconsin DL
*
Wisconsin Data Breach Notification: SSN with Account Number
*
Wisconsin Data Breach Notification: SSN with PIN Number
*
Wisconsin Data Breach Notification: SSN and Password (Wide)
*
Wisconsin Data Breach Notification: SSN and Password (Default)
*
Wisconsin Data Breach Notification: SSN and Password (Narrow)
*
Wisconsin Data Breach Notification: SSN with DNA profile
Wyoming Data Breach Notification
Wyoming Computer Security Breach related act, amended by SF 35 and 36 in 2015, requires that any person or business that conducts business in Wyoming and that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the data system, following discovery or notification of the breach, to any resident of Wyoming whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver's license numbers. The rules for this policy are:
*
Wyoming Data Breach Notification: Account and Password
*
Wyoming Data Breach Notification: Name and CCN
*
Wyoming Data Breach Notification: Name and Password (Wide)
*
Wyoming Data Breach Notification: Name and Password (Default)
*
Wyoming Data Breach Notification: Name and Password (Narrow)
*
Wyoming Data Breach Notification: Name and SSN
*
Wyoming Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
*
Wyoming Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
*
Wyoming Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)
US and Canada Federal Regulations
Predefined Policies and Classifiers | Forcepoint DLP | 8.8
The following regulations apply to both the United States and Canada:
*
Check 21 Act
*
Children's Online Privacy Act (COPPA)
*
Controlled Unclassified Information (CUI)
*
DIACAP
*
Export Administration Regulations (EAR)
*
FCRA
*
FDA - 21 CFR
*
FERC and NERC
*
FERPA
*
FFIEC
*
FISMA
*
GLBA
*
HIPAA
*
ITAR
*
MITS
*
Risk Management Framework (RMF) for DoD Information Technology (IT)
*
Sarbanes-Oxley Act (SOX)
Check 21 Act
The Check Clearing for the 21st Century Act (Check 21) is a Federal law designed to foster innovation in the payments system and to enhance its efficiency by reducing some of the legal impediments to check truncation. The policy detects TIFF files, widely used for scanned checks. The rule for this policy is:
*
Check 21: TIFF Format
Children's Online Privacy Act (COPPA)
The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law applied to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. The policy detects combinations of personal information with age information that indicates that the person's age is less than 13, based on explicit age or date of birth. The rules for this policy are:
*
COPPA: PII of Children (Wide)
*
COPPA: PII of Children (Default)
Controlled Unclassified Information (CUI)
Policy for detecting files that contain controlled unclassified information, based on CUI markings. Some US regulations, for example, the Department of Defense's "Defense Federal Acquisition Regulation Supplement" (DFARS) to the American Federal Acquisition Regulation (FAR), require contractors and subcontractors to safeguard covered information, marked by Controlled Unclassified Information (CUI). The rules for this policy are:
*
Controlled Unclassified Information: Banner Marking (Wide)
*
Controlled Unclassified Information: Banner Marking (Default)
*
Controlled Unclassified Information: Banner Marking (Narrow)
*
Controlled Unclassified Information: Portion Marking (Wide)
*
Controlled Unclassified Information: Portion Marking (Default)
*
Controlled Unclassified Information: Portion Marking (Narrow)
DIACAP
The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the US Department of Defense process to ensure the management of risks on Information Systems (IS). The policy is applied to information systems of DoD-related units and contractors. The DLP aspect of the policy applies to combinations of Personally Identifiable Information (like social security number or credit card number) with sensitive private information, such as health conditions, names of crimes, and ethnicities, to promote compliance with DoD Privacy Program (DoD 5400.11-R) and Privacy of Health Information in DoD Health Care (DoD 6025.18). Additional rules detect confidential information about the corporate network, and confidential documents, according to DoD 8520.1 - Protection of Sensitive Compartmented Information (SCI). This regulation was deprecated in 2014 and replaced by "Risk Management Framework for DoD Information Technology". The transition to the new regulation must be done before the end of 2016. The rules for this policy are:
*
DIACAP: DoD 5400.11-R - Name and Crime
*
DIACAP: DoD 5400.11-R - Name and Ethnicity
*
DIACAP: DoD 5400.11-R - Name and SSN
*
DIACAP: DoD 5400.11-R - SSN and Crime
*
DIACAP: DoD 5400.11-R - SSN and Ethnicity
*
DIACAP: DoD 6025.18 - CCN and Sensitive Disease or drug
*
DIACAP: DoD 6025.18 - Name and Common Medical Condition (Default)
*
DIACAP: DoD 6025.18 - Name and Common Medical Condition (Narrow)
*
DIACAP: DoD 6025.18 - Name and Sensitive Disease (Default)
*
DIACAP: DoD 6025.18 - Name and Sensitive Disease (Narrow)
*
DIACAP: DoD 6025.18 - SSN and Sensitive Disease or Drug
*
DIACAP: DoD 8520.1 - Confidential Document
*
DIACAP: DoD 8520.1 - Proprietary in Header or Footer
*
DIACAP: DoD 8520.1 - Password Dissemination for HTTP Traffic (Wide)
*
DIACAP: DoD 8520.1 - Password Dissemination for HTTP Traffic (Default)
*
DIACAP: DoD 8520.1 - Password Dissemination for HTTP Traffic (Narrow)
*
DIACAP: DoD 8520.1 - Password Dissemination for non-HTTP/S Traffic (Wide)
*
DIACAP: DoD 8520.1 - Password Dissemination for non-HTTP/S Traffic (Default)
*
DIACAP: DoD 8520.1 - Password Dissemination for non-HTTP/S Traffic (Narrow)
*
DIACAP: Network Information and Security (Pattern and IP)
*
DIACAP: Network Information and Security (Textual Pattern)
Export Administration Regulations (EAR)
The Export Administration Regulations (EAR) are issued by the United States Department of Commerce, and control also the usage of "dual purpose" items (i.e., commercial products that can also be used for military purposes.) The definition of "Export" includes disclosing or transferring technical data to a foreign person whether in the U.S. or abroad. The policy comprises rules for detection of probable EAR-regulated information, such as chemical formulas, information pertaining encryption technology and confidential documents. The rules for this policy are:
*
EAR: CAD Files: Abaqus ODB File
*
 
*
EAR: CAD Files: Autodesk Design Web File
*
EAR: CAD Files: Autodesk Maya Binary File
*
EAR: CAD Files: Autodesk Maya Textual File
*
EAR: CAD Files: Catia File
*
EAR: CAD Files: Corel Draw File
*
EAR: CAD Files: DWG File
*
EAR: CAD Files: DXF Binary File
*
EAR: CAD Files: DXF Textual File
*
EAR: CAD Files: IGS Textual File
*
EAR: CAD Files: JT File
*
EAR: CAD Files: Nastran OP2 File
*
EAR: CAD Files: PTC Creo ASM File
*
EAR: CAD Files: PTC Creo DRW File
*
EAR: CAD Files: PTC Creo FRM File
*
EAR: CAD Files: PTC Creo PRT File
*
EAR: CAD Files: Siemens NX PRT File
*
EAR: CAD Files: SolidWorks File
*
EAR: CAD Files: STL Binary File
*
EAR: CAD Files: STL Textual File
*
EAR: CAD Files: STP File
*
EAR: CAD Files: WHIP File
*
EAR: CAD Files: X_T Textual File
*
EAR: Chemicals and Materials (Default)
*
EAR: Chemicals and Materials (Narrow)
*
EAR: Chemicals and Materials (Wide)
*
EAR: Confidential Document
*
EAR: Encryption Technologies (Default)
*
EAR: Encryption Technologies (Narrow)
*
EAR: Encryption Technologies (Wide)
*
EAR: Laser and Microelectronics (Default)
*
EAR: Laser and Microelectronics (Narrow)
*
EAR: Laser and Microelectronics (Wide)
*
EAR: Microorganisms and Toxins (Default)
*
EAR: Microorganisms and Toxins (Narrow)
*
EAR: Microorganisms and Toxins (Wide)
*
EAR: Microsoft Visio File
*
EAR: Military Technologies (Default)
*
EAR: Military Technologies (Narrow)
*
EAR: Military Technologies (Wide)
*
EAR: Nuclear Technologies (Default)
*
EAR: Nuclear Technologies (Narrow)
*
EAR: Nuclear Technologies (Wide)
*
EAR: Proprietary in Document
*
EAR: Python (Default)
*
EAR: Python (Wide)
*
EAR: Space Technologies (Default)
*
EAR: Space Technologies (Narrow)
*
EAR: Space Technologies (Wide)
*
EAR: C Family or Java (Default)
*
EAR: C Family or Java (Wide)
FCRA
The Fair Credit Reporting Act ("FCRA") is a United States federal law. The Act is designed to help ensure that consumer reporting agencies act fairly, impartially, and with respect for the consumer's right to privacy when preparing consumer reports on individuals. The policy comprises rules for detection of personal financial information. The rules for this policy are:
*
FCRA: SSN and Personal Finance Terms
*
FCRA: DL and Personal Finance Terms
*
FCRA: SSN and Account
*
FCRA: DL and Account
*
FCRA: CCN: All Credit Cards
*
FCRA: Credit Card Magnetic Strips
*
FCRA: Name and Personal Finance Terms
FDA - 21 CFR
Title 21 Part 11 of the Code of Federal Regulations (CFR) deals with the FDA guidelines on electronic records and electronic signatures in the United States. Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule. The rules for this policy are:
*
FDA 21 CFR: Clinical Trials
*
FDA 21 CFR: Controlled Drugs
*
FDA 21 CFR: DICOM
*
FDA 21 CFR: DNA Sequence
*
FDA 21 CFR: Name and Common Medical Condition (Default)
*
FDA 21 CFR: Name and Common Medical Condition (Narrow)
*
FDA 21 CFR: Password Dissemination for HTTP Traffic (Wide)
*
FDA 21 CFR: Password Dissemination for HTTP Traffic (Default)
*
FDA 21 CFR: Password Dissemination for HTTP Traffic (Narrow)
*
FDA 21 CFR: Protein Sequence (Default)
*
FDA 21 CFR: Protein Sequence (Narrow)
FERC and NERC
Policy to promote compliance with the requirements imposed by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Council (NERC) to protects Critical Energy Infrastructure Information (CEII). The policy detects sensitive Energy Infrastructure Information, such as natural gas pipeline flow diagrams, various drawing and schemes files and FERC forms 567 and 715. The rules for this policy are:
*
FERC and NERC: CAD Files: DWG File
*
FERC and NERC: CAD Files: DXF Binary File
*
FERC and NERC: CAD Files: DXF Textual File
*
FERC and NERC: CAD Files: IGS Textual File
*
FERC and NERC: CAD Files: JT File
*
FERC and NERC: CAD Files: PTC Creo ASM File
*
FERC and NERC: CAD Files: PTC Creo DRW File
*
FERC and NERC: CAD Files: PTC Creo FRM File
*
FERC and NERC: CAD Files: PTC Creo PRT File
*
FERC and NERC: CAD Files: SolidWorks File
*
FERC and NERC: CAD Files: STL Binary File
*
FERC and NERC: CAD Files: STL Textual File
*
FERC and NERC: CAD Files: STP File
*
FERC and NERC: CAD Files: WHIP File
*
FERC and NERC: CAD Files: X_T Textual File
*
FERC and NERC: Disclaimer
*
FERC and NERC: Form 567
*
FERC and NERC: Form 715
*
FERC and NERC: Microsoft Visio
*
FERC and NERC: Pipeline Flow Diagram
FERPA
The Family Educational Rights and Privacy is a US Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. The policy detects combinations of Personally Identifiable Information (PII) like social security number or driver license number, and sensitive private information such as grades, health conditions, and names of crimes and ethnicities. The rules for this policy are:
*
FERPA: Driver License and Common Medical Condition
*
FERPA: Driver License and Ethnicities
*
FERPA: Driver License and Grades
*
FERPA: Driver License and Sensitive Disease or drug
*
FERPA: Name and Common Medical Condition (Default)
*
FERPA: Name and Common Medical Condition (Narrow)
*
FERPA: Name and Sensitive Disease or drug (Default)
*
FERPA: Name and Sensitive Disease or drug (Narrow)
*
FERPA: SSN and Common Medical Condition
*
FERPA: SSN and Ethnicities
*
FERPA: SSN and Grades
*
FERPA: SSN and Sensitive Disease or drug
FFIEC
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the Federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions
The rules for this policy are:
*
FFIEC: 5-8 Digit Account Number
*
FFIEC: 9 Digit Account Number
*
FFIEC: 10 Digit Account Number
*
FFIEC: Credit Card Magnetic Strip
*
FFIEC: Credit Card Number
*
FFIEC: Driver License
*
FFIEC: Password Dissemination for HTTP Traffic (Wide)
*
FFIEC: Password Dissemination for HTTP Traffic (Default)
*
FFIEC: Password Dissemination for HTTP Traffic (Narrow)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Wide)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Default)
*
FFIEC: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
FFIEC: PIN
*
FFIEC: Social Security Number
*
FFIEC: TIFF File
*
FFIEC: Zip Code and Financial Term
FISMA
The Federal Information Security Management Act of 2002 ("FISMA") imposes a mandatory set of processes that must be followed for all information systems used or operated by a US federal agency or by a contractor or other organization on behalf of a US Government agency. The policy detects combinations of Personally Identifiable Information (PII) like social security number or credit card number, with sensitive private information, such as health conditions, names of crimes, and ethnicities. Additional rules detect confidential information about the corporate network, and confidential documents. The rules for this policy are:
*
FISMA: CCN and Crime
*
FISMA: CCN and Ethnicity
*
FISMA: CCN and Sensitive Disease or Drug
*
FISMA: Confidential in Document
*
FISMA: Proprietary in Document
*
FISMA: Network Information and Security (Pattern and IP)
*
FISMA: Network Information and Security (Textual Pattern)
*
FISMA: Password Dissemination for HTTP Traffic (Wide)
*
FISMA: Password Dissemination for HTTP Traffic (Default)
*
FISMA: Password Dissemination for HTTP Traffic (Narrow)
*
FISMA: Password Dissemination for non-HTTP/S Traffic (Wide)
*
FISMA: Password Dissemination for non-HTTP/S Traffic (Default)
*
FISMA: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
FISMA: SSN and Crime
*
FISMA: SSN and Ethnicity
*
FISMA: SSN and Sensitive Disease or Drug
GLBA
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, is a U.S. Federal regulation that includes provisions to protect consumers' personal financial information held by financial institutions. The policy contains rules to detect accounts, credit cards, and social security numbers. The policy comprises rules for detection of personal financial information and other personal information. The rules for this policy are:
*
GLBA: CCN (Default)
*
GLBA: CCN (Narrow)
*
GLBA: Name and 5-8 Digit Account Numbers
*
GLBA: Name and 9-Digit Account Numbers
*
GLBA: Name and 10-Digit Account Numbers
*
GLBA: Name and Contact Information
*
GLBA: Name and Personal Finance Terms
*
GLBA: Name and Sensitive Disease or Drug (Default)
*
GLBA: Name and Sensitive Disease or Drug (Narrow)
*
GLBA: Name and SSN
*
GLBA: RTN/ABA (Wide)
*
GLBA: RTN/ABA (Default)
*
GLBA: RTN/ABA (Narrow)
*
GLBA: SSN and Account
*
GLBA: SSN and Personal Finance Terms
HIPAA
The Health Insurance Portability and Accountability Act is a US Federal law that specifies a series of administrative, technical, and physical safeguards, organizational and documentation requirements for covered entities to use to assure the availability, confidentiality, and integrity of electronically protected health information. The policy detects combinations of Personally Identifiable Information (PII) like name, social security or credit card number, and protected health information (PHI). The rules for this policy are:
*
HIPAA: Credit Card Number and Common Medical Condition
*
HIPAA: Credit Card Number and Sensitive Disease or Drug
*
HIPAA: DICOM
*
HIPAA: DNA Profile (Default)
*
HIPAA: DNA Profile (Narrow)
*
HIPAA: DOB and Name (Wide)
*
HIPAA: DOB and Name (Default)
*
HIPAA: ICD9 Code and Description
*
HIPAA: ICD9 Code and Name
*
HIPAA: ICD9 Description and Name
*
HIPAA: ICD10 Code and Description
*
HIPAA: ICD10 Code and Name
*
HIPAA: ICD10 Description and Name
*
HIPAA: Medical Form (Wide)
*
HIPAA: Medical Form (Default)
*
HIPAA: Medical Form (Narrow)
*
HIPAA: Name and Common Medical Condition (Default)
*
HIPAA: Name and Common Medical Condition (Narrow)
*
HIPAA: Name and Contact Information
*
HIPAA: Name and MBI (Default)
*
HIPAA: Name and MBI (Wide)
*
HIPAA: Name and HICN
*
HIPAA: Name and Sensitive Disease or Drug (Default)
*
HIPAA: Name and Sensitive Disease or Drug (Narrow)
*
HIPAA: NDC Number (Wide)
*
HIPAA: NDC Number (Default)
*
HIPAA: NDC Number (Narrow)
*
HIPAA: SPSS Text File
*
HIPAA: SSN and Common Medical Condition
*
HIPAA: SSN and Sensitive Disease or Drug
ITAR
The ITAR regulation for industry and government regulates dissemination of encryption, space, military and nuclear technology, along with source code. The rules for this policy are:
*
ITAR: C family or Java Source Code
*
ITAR: Confidential in Header or Footer
*
ITAR: Encryption Technologies (Default)
*
ITAR: Encryption Technologies (Narrow)
*
ITAR: Encryption Technologies (Wide)
*
ITAR: Military Technologies (Default)
*
ITAR: Military Technologies (Narrow)
*
ITAR: Military Technologies (Wide)
*
ITAR: Nuclear Technologies (Default)
*
ITAR: Nuclear Technologies (Narrow)
*
ITAR: Nuclear Technologies (Wide)
*
ITAR: Proprietary in Header or Footer
*
ITAR: Python (Default)
*
ITAR: Python (Wide)
*
ITAR: Space Technologies (Default)
*
ITAR: Space Technologies (Narrow)
*
ITAR: Space Technologies (Wide)
*
ITAR: SPICE Source code
*
ITAR: Technical Drawing files
*
ITAR: Verilog Source code
*
ITAR: VHDL Source Code
*
ITAR:SPICE Source code (Berkeley version)
MITS
The Management of Information Technology Security (MITS) standard defines baseline security requirements that Canadian federal departments must fulfill to ensure the security of information and information technology (IT) assets under their control. The DLP aspect of the policy applies to combinations of Personally Identifiable Information (like social insurance number or credit card number) with sensitive private information, such as health conditions, to promote compliance with the Canadian Privacy Impact Assessment mandated by MITS. Additional rules detect confidential information about the corporate network, and confidential documents, to promote compliance with the Canadian Government Security Policy. The rules for this policy are:
*
MITS: Confidential Document
*
MITS: Proprietary in Document
*
MITS: Network Information and Security (Pattern and IP)
*
MITS: Network Information and Security (Textual Pattern)
*
MITS: Password Dissemination for HTTP Traffic (Wide)
*
MITS: Password Dissemination for HTTP Traffic (Default)
*
MITS: Password Dissemination for HTTP Traffic (Narrow)
*
MITS: Password Dissemination for non-HTTP/S Traffic (Wide)
*
MITS: Password Dissemination for non-HTTP/S Traffic (Default)
*
MITS: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
MITS: SIN and CCN
*
MITS: SIN and Common Medical Condition
*
MITS: SIN and Sensitive Disease or Drug
*
MITS: Social Insurance Number
Risk Management Framework (RMF) for DoD Information Technology (IT)
The Risk Management Framework is a United States federal government policy and standards to help secure information systems developed by National Institute of Standards and Technology (NIST). The two main publications that cover the details of RMF are NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems", and NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations". DoD instruction 8510.01 defines the Risk Management Framework for DoD Information Technology. The rules for this policy are:
*
RMF for DoD IT: CCN and Sensitive Disease or Drug
*
RMF for DoD IT: Confidential Document
*
RMF for DoD IT: Name and Common Medical Condition (Default)
*
RMF for DoD IT: Name and Common Medical Condition (Narrow)
*
RMF for DoD IT: Name and Crime
*
RMF for DoD IT: Name and Ethnicity
*
RMF for DoD IT: Name and Sensitive Disease (Default)
*
RMF for DoD IT: Name and Sensitive Disease (Narrow)
*
RMF for DoD IT: Name and SSN
*
RMF for DoD IT: Network Information and Security (Pattern and IP)
*
RMF for DoD IT: Network Information and Security (Textual Pattern)
*
RMF for DoD IT: Password Dissemination for HTTP Traffic (Wide)
*
RMF for DoD IT: Password Dissemination for HTTP Traffic (Default)
*
RMF for DoD IT: Password Dissemination for HTTP Traffic (Narrow)
*
RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Wide)
*
RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Default)
*
RMF for DoD IT: Password Dissemination for non-HTTP/S Traffic (Narrow)
*
RMF for DoD IT: Proprietary in Header or Footer
*
RMF for DoD IT: SSN and Crime
*
RMF for DoD IT: SSN and Ethnicity
*
RMF for DoD IT: SSN and Sensitive Disease or Drug
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) mandates public companies to comply with its requirements. This act provides strict guidelines for ensuring corporate governance and control policies for information within publicly traded companies. The Forcepoint SOX-related policy promotes compliance with the data protection aspects of SOX by detecting audit terms and SEC 10-K and 10-Q reports. The rules for this policy are:
*
SOX: Form 10-K (Non-Standard Fiscal Year)
*
SOX: Form 10-K (Standard Fiscal Year)
*
SOX: Form 10-Q (Non-Standard Fiscal Year)
*
SOX: Form 10-Q (Standard Fiscal Year)
*
SOX: SOX-Related Term

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Forcepoint DLP Predefined Policies and Classifiers : Data Loss Prevention policies : Content Protection
Copyright 2020 Forcepoint. All rights reserved.