How to Do Data Classification at Scale

One of the important points we make in our recently published Information Entropy report is that you can’t just decide you have intellectual property, issue NDAs to employees, and leave it at that. Confidential information requires real ongoing work on the company’s part. This is especially true for a class of IP known as trade…

And One More Thing about the HIPAA Omnibus Rule: Breach Notification Gets Tweaked

The HIPAA Omnibus Final Rule is a long document with dense legalese. As we’ve been pointing out, a few key provisions should be on the top of your compliance list now that the new regulations are in effect. But there are also some subtle points that haven’t received as much attention. For example, the rules concerning…

New Zealand’s Leaky Servers Highlight the Need for Information Governance

How a Permissions Report Could Have Plugged the Hole in New Zealand’s Leaky Servers

Earlier this week, Keith Ng blogged about a massive security hole in the New Zealand Ministry of Social Development’s (MSD) network. He was able to walk up to a public kiosk in the Work and Income office and—without cracking a password or…

Data Classification Tips – Finding Legal Data

In our previous post, we introduced 4 regular expressions that help us locate credit card numbers. Today, we’ve got a few more handy RegExes for your data classification library. This time we’re targeting legal data.

Find “All Rights Reserved” NOT near your company name

Regular expression: \b(?!all rights reserved\W+(?:\w+\W+){1,10}?acme)all rights reserved\b

Use case: you want…

Data Classification Tips: Finding Credit Card Numbers

4 Useful Regular Expressions and Algorithm Combinations for Finding Credit Card Numbers

Data classification is a critical piece of the data governance puzzle. In order to be successful at governing data, you have to know—at all times—where your sensitive data is concentrated, unencrypted, and potentially overexposed. One of the standard ways to find sensitive data…