The regulatory risk around possession of PII, PHI, and PCI data continues to grow with CCPA, GDPR, and other coming legislation that outlines the burden and the consequences of a compromise or exposure of private data. All regulations require that companies be able to report both on their compliance with statutes (CCPA 1978.115 / GDPR Article 30) and to individuals who have requested details about their data use (CCPA 1978.100, 1978.300 / GDPR Article 15).
ALTR is installed into the critical path of data and is able to see and record every piece of sensitive data that is accessed, including details about who accessed it and why. This record is stored offsite in a tamper-resistant cloud vault that leverages blockchain-derived technology to ensure its integrity.
Most applications, both in use and in development, contain privacy leaks that expose private data to unauthorized users and developers. This source of risk can place companies in violation of a wide array of statutes from CCPA to HIPAA to the PCI DSS, and the economic consequences of those violations can pile up quickly.
ALTR’s data access governance as a service can mask data dynamically as it is accessed in order to preserve application function while allowing compliance and security experts to configure policies that stop privacy leaks in real time.
Companies must use sensitive data to serve their customers, but even simply possessing that data immediately creates costly regulatory requirements. The evolution of those requirements is unpredictable and ever-changing.
ALTR decreases the compliance burden by tokenizing and removing sensitive data from scope and storing it in a cloud vault. As a PCI DSS Level 1 Service Provider, ALTR helps companies with payment data comply with PCI every day, and extends that same strategy to PII and PHI.