Data compliance that you need
Protect your data and comply with industry regulations effortlessly with Sealit. International data compliance has never been easier. Sealit is built on the Zero Trust security model, which ensures that no one, not even Sealit, can access your data.
Absolute control
At our core, we enable organizations to select where and how their data will be stored. You can also select the country where your encryption keys will be hosted.
Flexibility in your data
Sealit’s encryption works whether data is stored on your servers or moving between stakeholders. With Sealit you have full control over your data.
Activity monitoring
Sealit allows you to monitor and access alerts and analytics for potentially suspicious activity, minimizing your exposure to threats and giving you greater peace of mind.
EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a privacy law created by the European Union (EU) that came into effect on May 25th, 2018. It affects all companies that collect information from citizens of the EU. GDPR is one of the most expensive compliance regulations when it comes to fines. As of January 2020, GDPR has collected over $126 million in fines, with the biggest fine being 50 million euros paid by Google. Failure to comply with GDPR requirements can result in fines of up to 20 million euros or up to 4% of the offending company’s annual revenue, whichever is greater. GDPR consists of multiple requirements for compliance.
The most notable requirement from a security standpoint is privacy by design, which requires that company systems be built with privacy in mind. In practice this means companies need a solution for implementing encryption across their environment and a secure means of sending and receiving emails that contain PII.
Sealit is assessed as GDPR compliant by Ametros Group.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a compliance regulation designed to protect California residents by giving them more control over the personal information that businesses can collect from them. This regulation applies to for-profit businesses that do business in California and meet any of the following requirements:
1) At least $25 million in gross annual revenue.
2) Buy, receive or sell the personal information of 50,000 or more California residents, households, or devices.
3) Derive 50% or more of their annual revenue from selling California residents’ personal information.
CCPA gives California residents several rights that businesses must adhere to. These include the right to opt out of the sale of their information, the right to know what information has been collected on them, the right to be notified prior to collection, and the right to non-discrimination for exercising their CCPA rights. An intentional violation of CCPA can bring civil penalties of up to $7,500 per violation, while other violations can result in penalties of up to $2,500 per violation. On top of this, CCPA gives California residents the right to sue for up to $750 per incident if there is a data breach and their information is leaked in an unencrypted and non-redacted form. For that reason it’s key for businesses to ensure that client information is encrypted at all times, so that if any unwanted access to their systems occurs, all confidential details are in an unusable format and a data breach won’t be possible.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability & Accountability Act (HIPAA) is a law passed by Congress in 1996. The security and privacy aspects of HIPAA are overseen by the US Department of Health and Human Services, and it is a compliance regulation that protects customer health information, commonly referred to as protected health information (PHI). This regulation affects all companies that collect or process any PHI in the United States. Failure to meet HIPAA compliance can result in fines of up to $50,000 per violation or exposed patient record, up to a maximum of $1.5 million per year. HIPAA consists of three main rules:
1) The HIPAA Privacy Rule.
2) The HIPAA Security Rule.
3) The HIPAA Enforcement Rule.
To maintain HIPAA compliance you are required to have the proper technical safeguards in place to ensure that PHI is properly protected at all times. Implementing Sealit throughout your organization will give you peace of mind, as it ensures that HIPAA requirements are met through secure email communication and file protection.
Need a Business Associate Agreement (BAA)? Contact us
Schrems II
Schrems II is a verdict issued by the Court of Justice of the EU that ruled the EU-US Privacy Shield, a framework regulating transatlantic exchanges of personal information between the EU and the United States, to be invalid. It was invalidated due to concerns about surveillance by United States government and law enforcement agencies.
What this means for businesses is that many companies must find new, secure ways to transfer data between the United States and the EU. The ruling also dictates that European companies must conduct individual assessments of each data transfer to a non-EU country to ensure compliance. Failure to comply with this verdict constitutes a breach of GDPR, and companies can therefore be fined under GDPR: up to 20 million euros or up to 4% of the offending company’s annual revenue, whichever is greater. To ensure compliance, companies must find a solution that allows for secure transatlantic communications.