DataPrivy - Data Security and Compliance

Understanding your data sensitivity in the cloud, one scan at a time

DataPrivy is a powerful tool designed to help organizations discover sensitive data stored in their Amazon S3 buckets and PostgreSQL databases, ensure compliance with privacy regulations, and protect their most valuable information assets.

Key Features

Comprehensive Data Source Scanning

Automatically scan Amazon S3 buckets and PostgreSQL databases to identify files and database records containing sensitive information.

Detailed Scan Results

Get comprehensive reports that identify sensitive data categories, compliance violations, and data sensitivity levels across your S3 storage and database systems.

Scheduled Scans

Set up regular automated scans to continuously monitor your data across S3 buckets and PostgreSQL databases to maintain compliance with evolving regulations.

Compliance Reporting

Choose from a variety of compliance configurations to generate reports for regulations like GDPR, HIPAA, and CCPA.

DataPrivy can help your organization meet global compliance regulations.

EUROPEAN UNION

General Data Protection Regulation (GDPR)

Comprehensive regulation that protects EU citizens' personal data and privacy. DataPrivy can identify GDPR-relevant data and helps ensure your compliance by detecting personally identifiable information, sensitive personal data, and data subject to special category protections.

UNITED STATES - HEALTHCARE

HIPAA

Critical for health insurers, HIPAA protects patient health information from unauthorized disclosure. DataPrivy scans your databases and storage for protected health information (PHI), helping insurance companies identify HIPAA-regulated data in claims processing systems, customer records, and third-party data exchanges to prevent costly violations.

UNITED STATES

California Consumer Privacy Act (CCPA)

Enhances privacy rights for California residents, including the right to know what personal information is collected. DataPrivy helps identify data subject to CCPA requirements, enabling you to respond to consumer requests and maintain compliance.

UNITED STATES

California Privacy Rights Act (CPRA)

Expands upon CCPA with additional consumer rights and business obligations. DataPrivy helps organizations meet CPRA's stricter requirements for sensitive personal information, data minimization principles, and enhanced consumer rights to correct inaccurate personal information.

UNITED STATES - INSURANCE

NAIC Insurance Data Security Model Law

Adopted by many states, this law establishes standards for data security and breach notification specifically for insurance companies. DataPrivy helps insurers meet requirements for information security programs, risk assessments, and data classification, ensuring sensitive policyholder information is properly identified and protected.

UNITED STATES - FINANCIAL

Gramm-Leach-Bliley Act (GLBA)

Requires financial institutions including insurance companies to explain their information-sharing practices and safeguard sensitive data. DataPrivy helps insurers maintain GLBA compliance by identifying and categorizing nonpublic personal information (NPI) across cloud systems, supporting both the Privacy Rule and Safeguards Rule requirements for protecting customer information.

How DataPrivy Works

DataPrivy works by leveraging AWS Lambda functions to scan both S3 buckets and PostgreSQL databases for sensitive information. When a user initiates a scan or when an automated schedule triggers one, the system deploys serverless Lambda functions that analyze the content using direct matching and fuzzy string approximation techniques, identifying personal data, financial information, health records, and other sensitive data types.

Results are then categorized, mapped to relevant compliance regulations (like GDPR, HIPAA, and PCI DSS), and presented in an intuitive dashboard that helps organizations take action to protect their data and maintain regulatory compliance.

Frequently Asked Questions

What types of sensitive data can DataPrivy detect?

DataPrivy operates on column string matching and fuzzy string approximation. This means that it can detect any type of sensitive data specified in the configuration files without actually reading the data itself. DataPrivy relies on the structure of files and databases to identify potential sensitive information patterns.

Is my data secure during the scanning process?

Yes, DataPrivy operates entirely within your AWS Cloud environment and never pulls the actual data. It uses pattern matching and structural analysis to identify potential sensitive data locations without extracting or storing the sensitive information itself.

Which compliance regulations does DataPrivy help with?

DataPrivy helps with various regulations including GDPR, CCPA/CPRA, PCI-DSS, HIPAA, SOX, and other data protection and privacy regulations by identifying where sensitive data subject to these regulations might exist in your storage.

How often should I scan my data sources?

The frequency depends on your data usage patterns. For environments with frequent data changes, weekly scans may be appropriate. For more static environments, monthly scans might be sufficient. Critical storage containing sensitive information should be scanned more frequently.

What file formats and data structures can DataPrivy scan?

DataPrivy currently works with CSV files in S3 buckets and with RDS PostgreSQL databases. The system is designed to analyze structured data where column names and patterns can be matched against configuration rules to identify sensitive information.