Coviant Software

Data Protection and Compliance

Compliance Briefs

Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is “both”.

Good business practice dictates data protection for you, your customers, and your business partners — including data-in-motion. But, even the best security practices do not alleviate the need to comply with regulations and standards that can carry high contractual, civil, and criminal penalties. Plus, the indirect loss of faith of your customers or business partners can have an incalculable impact on your bottom line.


The Health Insurance Portability and Accountability Act (HIPAA) established national standards for the security of electronic health care information with both civil and criminal penalties for non-compliance by covered entitles, such as hospitals or physician practices. The HITECH Act of 2009 extended these penalties beyond covered entities to their business associates and established more rigorous enforcement policies.

PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS is an assessment tool for use during compliance audits. It enhances payment account data security and help organizations proactively protect customer account data. It was developed and is maintained by the major credit card companies and facilitates the adoption of consistent data security for credit card data. Each entity that has a relationship with a credit card company, financial institution, or their agents must provide compliance validation documentation.

SOX (Sarbanes-Oxley)

SOX mandates that all publicly-traded organizations demonstrate due diligence in the disclosure of financial information. Each organization must also implement internal controls and procedures to protect financial data from unauthorized access, including access that could occur through file transfers.

State Privacy Laws

In addition to Federal regulations, forty-six states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. Many of which impose both civil and criminal sanctions for failure to comply. The Massachusetts privacy law is one of the most stringent laws and applies to all organizations doing business with residents of Massachusetts