New consumer data privacy laws are cropping up throughout the US. Just like the European Union’s General Data Protection Regulation (GDPR), these Acts force the hand of many (but not all) organizations to protect consumers’ data privacy rights.
Privacy Acts aim to safeguard consumer privacy, and that doesn’t just mean names and addresses, but also credit card numbers, real names, postal addresses, Social Security numbers, demographics, income or similar information, browsing history and search history, age, and so on.
So, What Happens if we Fail to Comply with these New Privacy Laws?
Under one of the Acts, civil penalties start at $2,500 per violation for non-compliance that is deemed unintentional. For intentional non-compliance, those fines jump to as much as $7,500 per violation. Moreover, consumers can bring an action for statutory damages in the event of a data breach caused by the organization’s failure to implement reasonable security procedures for consumers’ personal information.
As you can see, the repercussions of non-compliance are substantial.
How does Oracle Data Safe help you become compliant?
Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements.
So, if you are an Oracle database customer, you can take advantage of three key features of Data Safe – Data Discovery, Activity Auditing and Data Masking. Right out of the box, Data Safe will identify the following types of sensitive data for you –
- Identification Information: Includes sensitive types for national, personal, and public identifiers. Examples are US Social Security Number (SSN), Visa Number, and Full Name.
- Biographic Information: Includes sensitive types for address, family data, extended PII, and restricted processing data. Examples are Full Address, Mother’s Maiden Name, Date of Birth, and Religion.
- IT Information: Includes sensitive types for user IT data and device data. Examples are User ID, password, and IP Address.
- Financial Information: Includes sensitive types for payment card data and bank account data. Examples are Card Number, Card Security PIN, and Bank Account Number.
- Healthcare Information: Includes sensitive types for health insurance data, healthcare provider data, and medical data. Examples include Health Insurance Number, Healthcare Provider, and Blood Type.
- Employment Information: Includes sensitive types for employee basic data, organization data, and compensation data. Examples are Job Title, Termination Date, Income, and Stock.
- Academic Information: Includes sensitive types for student basic data, institution data, and performance data. Examples are Financial Aid, College Name, Grade, and Disciplinary Record.
Although Oracle Data Safe provides an extensive set of predefined sensitive types, you can also create custom sensitive types to meet your specific requirements. For a user-defined sensitive type, you can assign a default masking format, which should be used to mask the columns discovered using this sensitive type.
Once you have discovered all your sensitive data, you can actively audit it, or in some cases even purge it if you are not required by law to hold on to it. You can use Oracle Data Safe’s Activity Auditing feature to accomplish this.
For non-production environments, you can use the Data Masking feature of Data Safe. Data masking, also known as static data masking, is the process of permanently replacing sensitive data with fictitious yet realistic-looking data. It helps you generate realistic and fully functional data, with characteristics similar to the original data, to replace sensitive or confidential information.
Contact me if you would like to see a demo.