Data breach notification laws

Data breach notification laws

Thales’ CipherTrust data security platform enables safe harbour from data breach notification laws and fines.

Protecting your organisation from data breach notification requirements


Governments around the world have adopted data breach notification laws that require any person, business or state agency that collects and stores personal customer information to notify individuals when their unencrypted personal information was, or is reasonably believed to have been, put at risk by a data security breach.

If found to be in non-compliance, organisations will be required to publicly disclose breaches and face potential class-action lawsuits.

Thales can help protect your organisation from the consequences of a data breach through a data-centric focus on security around personal information, including:

  • Encryption of personal data wherever it resides
  • Policy-based access controls
  • Monitoring data access to detect compromise


  • Regulation
  • Compliance

Data breach disclosure laws widespread

National data breach disclosure laws include the UK Data Protection ActEU General Data Protection Regulation (GDPR)South Korea’s Personal Information Protection ActAustralian Privacy Act and others.

Prevention of data breaches a complex task

Data breach protection and prevention is not as simple as implementing hardware level disk encryption or OS level encryption within systems. Attacks are increasingly able to penetrate perimeter defences, compromise accounts and mine data without targets even being aware of the attack. With this kind of activity, simple encryption schemes won’t prevent a data breach – attackers will access accounts that allow them to decrypt and extract personal data. Driving this are criminal groups willing and able to pay for stolen personal information that has direct monetary value.

Data breach protection requires a data-centric focus

A data-centric focus on preventing the loss of personal information in order to comply with data breach disclosure laws requires:

  • Encryption of personal data wherever it resides – including file systems databases, web repositories, cloud environments, big data environments and virtualisation implementations.
  • Policy-based access controls to assure that only authorised accounts and processes can see the data.
  • Monitoring of authorised accounts accessing data, to ensure that these accounts have not been compromised.

Thales provides key components of the solution

Thales' CipherTrust data security platform provides key components necessary to implement data-centric security. These include security controls that enable organisations to safeguard and audit the integrity of customer records and information against a broad range of threats against data. Thales data breach protection solutions are transparent to existing operating processes and applications for rapid implementation.

This single platform solution to multiple data breach protection helps organisations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

CipherTrust transparent encryption

CipherTrust transparent encryption from Thales provides file and volume level data-at-rest encryption and integrated, secure key management with a best practice implementation. Access controls and data access monitoring information extend protection from data breaches by limiting data access to only authorised personnel and programs. The same data provides the security intelligence information required for security information and event management solutions to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.

CipherTrust application data protection

CipherTrust application data protection from Thales adds another layer of data breach protection, enabling organisations to easily build encryption capabilities into internal applications at the field and column level.

CipherTrust enterprise key management

CipherTrust enterprise key management from Thales enables centralised management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

  • Related resources
  • Other key data protection and security regulations


    Active Now

    Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.


    Active Now

    Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

    Data Breach Notification Laws

    Active Now

    Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.