Legal compliance and information security

Safeguard customer information and avoid fines

With a worldwide trend to strengthening of data security law and hefty fines for non-compliance, it’s never been more important to protect sensitive data.

Encryption is increasingly relied upon to safeguard information from breach. ScramFS makes this easy and cost effective.

Helps meet legal compliance obligations

Businesses and institutions around the world face compliance obligations. The protection and security of data collected from citizens is a current focus in cyber security, especially given the increasing number of high-profile data breaches.

Many obligations can be efficiently and effectively met through encryption using ScramFS.

Encryption is mandated in many situations, for example in the Telecommunications (Interception and Access) Act in Australia. ScramFS plays a direct and valuable role in achieving compliance.

Other laws, such as GDPR in Europe, don't directly mandate encryption, but specifically reference encryption as a highly desirable measure to safeguard information. In particular, a leak of encrypted data is not regarded as a data breach and does not need to be reported, which consequently mitigates the risk of fines and penalties.

  • General Data Protection Regulation (GDPR): Safeguarding the private information of EU citizens
  • Health Insurance Portability and Accountability Act (HIPAA): Safeguarding patient medical information
  • Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015: Safeguarding metadata
  • The Personal Information Protection and Electronic Documents Act (PIPEDA): Safeguarding personal information collected by private sector organizations
  • Personal Data Protection Act (PDPA): Safeguarding personal information from unauthorised access

Fines are real and growing: a UK case study

Even before the introduction of GDPR, fines for data breaches were issued regularly in the UK by the Information Commissioner’s Office (ICO) and the Financial Services Authority (FSA).

A PwC study showed that the number of fines for breaches of UK data protection laws doubled in 2016 compared with the prior year, with the UK Information Commissioner’s Office (ICO) issuing 35 fines totalling £3.2m.

Telecoms provider TalkTalk was fined £400,000 for failing to safeguard its customer information. TalkTalk was the subject of a cyber attack, but the ICO said that the attack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.”

The ICO further stated, “Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information.”

The UK Financial Services Authority (FSA) has also issued fines for breaches in information security.

In 2007 it fined Nationwide Building Society £980,000 for “failing to have effective systems and controls to manage its information security risks.” A laptop containing sensitive personal information was stolen from an employee’s home, potentially exposing customers to an increased risk of financial crime.

In 2010, the UK branch of Zurich Insurance Plc was fined £2,275,000 for “failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.” An outsourced contractor lost an unencrypted backup tape during a routine transfer to a data storage centre.

The penalties for data breaches and non-compliance with legal regulations will become far harsher with the introduction of GDPR. The maximum penalty for non-compliance will rise to €20 million or 4% of worldwide revenue, whichever is greater.

ScramFS, through its world-class, peer-reviewed encryption, provides an easy way to encrypt unstructured file data at scale. This makes it ideal for helping to ensure legal compliance and avoid fines.

What makes ScramFS ideal for helping with legal compliance issues?

Traditionally, encryption has been regarded by many as difficult, and this has greatly hindered its adoption. ScramFS transforms this situation dramatically.

  • Easy implementation: thanks to its different interfaces, including the Command Line Interface for system administrators, the Application Programming Interface for developers, and a file system mount for applications that are not encryption-aware.
  • Lightweight: ScramFS is a single installable software package that requires no additional servers, hardware or software infrastructure.
  • Scalable: start small and grow big; there is no limit to how much or how little data can be encrypted.

We usually recommend that organisations start with a proof of concept, which you can do using our trial version.

Please contact us to discuss your requirements and to see if ScramFS can help.
