Philippines Data Privacy Act of 2012 Compliance

Technical Security Requirements

Section 28 of the rules, entitled Guidelines for Technical Security Measures, offers the following direction:

Where appropriate, personal information controllers and personal information processors shall adopt and establish the following technical security measures:

a. A security policy with respect to the processing of personal data;

b. Safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network;

...

d. Regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach;

...

g. Encryption of personal data during storage and while in transit, authentication process, and other technical security measures that control and limit access.

Thales eSecurity Compliance Solutions

The following Thales eSecurity solutions can help you comply with the Technical Security Requirements outlined in the “Regulation” section.

The Vormetric Data Security Platform

The Vormetric Data Security Platform is an extensible infrastructure that delivers centralized key and policy management for a suite of data security solutions that secure your organization’s sensitive and regulated data wherever it resides. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Data Security Manager

The Vormetric Data Security Manager from Thales eSecurity offers centralized management of keys and policies for the entire suite of products available within the Vormetric Data Security Platform. The product is available as a physical or virtual appliance.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales eSecurity provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls extend protection from data breaches by limiting data access to only authorized personnel and programs. And data access monitoring provides the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

Security Intelligence Logs

Vormetric Security Intelligence Logs from Thales eSecurity can deliver granular file access logs to popular security information and event management (SIEM) systems and be used to support audits.

Vormetric Application Encryption

Vormetric Application Encryption from Thales eSecurity adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, managers can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.