Imperva Solutions for State and Local Government

Essential services provided by state and local government agencies rely on sensitive information stored in databases and files, and processed by various applications. Almost every state has enacted a "data breach notification" law. These laws generally require agencies and businesses that have personal information about residents within a state to notify those residents of any unauthorized access to their information.

Today, more than ever, government agencies are expected to protect personally identifiable information. Protection of such information is an integral part of demonstrating good stewardship — not to mention, it shows that the agency is trustworthy.

Imperva SecureSphere Data Security Solutions enable state and local government agencies to address data privacy and breach notification requirements with automated solutions that:

• Audit all access to sensitive information
• Protect databases and file servers from unauthorized access, data breach and leakage
• Enforce access controls based on 'need-to-know'
• Protect government and state web sites and web applications from attacks such as SQL injection, defacement, Denial of Service (DOS) attacks and more

IRS 1075
IRS 1075 provides tax information security guidelines for state and local agencies. It requires that personal and financial information in IRS systems is protected against unauthorized use, inspection or disclosure. Imperva data security solutions address multiple sections of the guideline, including audit and security guidelines ensuring that access to FTI (federal tax information) is limited to those individuals who are authorized to access and have a need to know.

Ohio Revised Code 1347 section 15 (ORC 1347.15)
During the 2008 election an employee of Ohio's Department of Job and Family Services used state computers to search for information on Joe Wurzelbacher (a.k.a. 'Joe the Plumber'). The searches were reported and the investigation concluded that they were improper. In response Ohio legislature enacted ORC 1347.15, which mandates civil and criminal penalties for improper access of personal information on state databases.

In order to address ORC 1347.15 State agencies require a complete audit trail which tracks user activities through web, file and database systems. This requirement is uniquely fulfilled by the integrated SecureSphere Data Security Suite.

California SB 1386
CA SB 1386 is a California law regulating the privacy of personal information. It requires anyone who conducts business in California to disclose security breaches to residents whose unencrypted data has been disclosed. CA SB 1386 expands on privacy law and guarantees that if a company exposes a Californian's sensitive information this exposure must be reported to the exposed individual.

SecureSphere provides real-time notifications to alert on potential exposure of personal information and protects data from wrongful access by blocking data breach attempts.

Massachusetts Data Privacy Law (Mass 201 CMR 17)
The Massachusetts Public Records Law and Fair Information Practices Act requires implementation of technical controls aimed at preventing breach of personal information. Mass 201 CMR 17 requires monitoring of data access to ensure that the implemented information security program is providing protection from unauthorized access to, or use of, personal information, and effectively limiting risks.

Imperva SecureSphere provides technical controls to prevent data breach and monitor data access across all data types. SecureSphere data breach prevention solutions protect personal information from breach attempts, leakage and theft, block unauthorized access and provide a complete audit trail of information usage.