Personally Identifiable Information is the type of data that all organizations hold, from HR data to customer data. It is a favorite target of thieves because it doesn’t change much and presents broad opportunities for identity theft.
Regulations
The California Consumer Protection Act (CCPA) went into effect on January 1, 2020, and holds companies liable for protection, privacy, and transparency around their use of PII. Similar to GDPR regulations in Europe, these measures represent the future of PII regulation and risk. ALTR protects PII at-rest using next-generation tokenization techniques, forcing those who need access to come in through applications, where ALTR tracks and governs all credentialed access. ALTR provides vital support for compliance:
Privacy regulations require detailed, high-integrity reporting of who is accessing personal data, when, from where, and why.
CCPA 1978.100, 1978.300 / GDPR Article 15
Access to personal data can be limited to certain audiences and curtailed when individuals request it.
CCPA 1978.120, 1978.135 / GDPR, Article 18
Managers can ensure that the enterprise is complying with CCPA through highly tamper-resistant processing oversight, and share their reporting with regulators.
CCPA 1978.115 / GDPR Article 30
ALTR integrates into the application, providing controls that are embedded in the critical path of the data. This not only ensures policy enforcement, but also delivers compliance using an approach favored by regulators.
CCPA 1978.150 / GDPR Article 25