Key Takeaways HIPAA gives organizations flexibility on encryption, but the conditions for opting out are strict enough that most can’t meet them. NIST sets the technical bar: AES-256 for stored data, TLS 1.3 for data in motion. Getting encryption right can mean the difference between a contained incident and a public, regulated breach. Encryption is […]
What Is PHI in Healthcare and How to Stay HIPAA Compliant
Key Takeaways Protected Health Information (PHI) is health information that can identify an individual and is held or transmitted by a covered entity or business associate. The same data can be PHI in one context and not another. Who holds it matters as much as what it says. HIPAA’s 18 identifiers define what to remove […]
PII Compliance: How to Get It Right + Checklist
Key Takeaways PII compliance is a set of rules that govern how organizations collect, store, use, and dispose of personally identifiable information. There’s no single law that defines it. Depending on your industry and location, GDPR, HIPAA, CCPA, FERPA, FINRA rules, or several of these may apply. Organizations are expected to know what personal data […]
What Law Establishes PII? A Guide to U.S. PII Laws and Regulations
Key Takeaways U.S. privacy law has no single authority. PII protection is split across multiple federal, state, and international frameworks, and which ones apply to you depends on your industry, your data, and where you operate. State legislatures are filling the gaps that federal law leaves open. California led the way with CCPA, but the […]
What Is PII? A Complete Guide to Personally Identifiable Information
Key Takeaways PII (Personally Identifiable Information) is any data that can identify an individual, alone or in combination with other data. PII information is divided into two categories: direct identifiers (high-risk, identify someone on their own) and indirect identifiers (lower-risk individually, but identifying when combined). Major privacy laws governing PII include GDPR, HIPAA, and CCPA. […]
Downsides of Email Stubbing – 5 Reasons to Avoid It in Email Archiving
Email stubbing sounds like a smart trade-off: move data out of your mailbox, keep a pointer in its place, and free up server space without disrupting the user experience. Clean, simple, efficient. The problem is that it rarely works out that way. Despite being widely adopted in the early days of email archiving, stubbing has […]
Everything You Need to Know to Ensure FIPPA Compliance
If you work for a Canadian provincial or territorial public institution, you’ve likely come across the Freedom of Information and Protection of Privacy Act (FIPPA) and its implications for compliance. But what exactly does FIPPA involve, and how can your organization meet its obligations? In this article, you’ll learn: What FIPPA is and how it […]
Cloud Archiving Solution vs. On-Premise Archive Storage
Data archiving is essential for organizations to meet compliance standards, optimize storage, and streamline access to historical records. But businesses often face a dilemma — should they invest in on-premises archiving or opt for a cloud solution? This article breaks down the differences, financing models, benefits, and trends to help you make an informed decision. […]
Data Retention Policy Explained: A Comprehensive Overview
Data is one of the most precious resources in the world today. Some even consider it more valuable than oil. It’s so valuable that almost all data being generated and exchanged is being stored by businesses for various purposes. But, there are certain laws governing what your organization can do with data, and even more […]
Microsoft Exchange Archiving vs. Third-Party Tools
Despite advancements in communication tools, email remains the most widely used business communication channel across industries. Microsoft Exchange continues to dominate the enterprise email space, with many organizations relying on its built-in Exchange archive functionality to manage email retention. However, while Exchange archive features offer basic storage and retention, they aren’t designed with regulatory compliance, […]
