Report from FieldFisher examines growing global mandates, legal obligations to encrypt personal data

Changes driven by new cyber threats, security breaches and data loss in the US, UK, France, Germany, Spain, Australia, Japan, South Korea and Taiwan.

San Jose, California, 05 Jun 2014

Vormetric, a leader in enterprise data security for physical, virtual and cloud environments, today released a new report written by FieldFisher, a UK-based law firm with deep expertise in global compliance, e-privacy, information management and data security. The report details legal obligations for encryption of personal data resulting from industry compliance regimes, such as PCI DSS, as well as from national laws and local regulations.

Driven by relentless news about cyber threats, security breaches and data loss, lawmakers and regulators the world over are increasingly defining new obligations for data security. Encryption requirements have been a prominent focus for the resulting new regulations, becoming a mandatory requirement for personal and financial data. In some cases, requirements have extended beyond encryption to include data access controls and threat pattern recognition.

"Persistent, high-profile stories about organisations who have failed to adequately protect personal data from today's enhanced levels of cyber threats are causing legislators and regulators globally to mandate stricter, more detailed protection requirements," said Phil Lee, Partner with FieldFisher, and editor of the report.

"We are witnessing a unique legal phenomenon; there is a global convergence of data security law and regulation around the issue of encryption so that it does not matter where in the world your organisation operates - regulators everywhere increasingly expect encryption of sensitive data, computers, databases and applications."

Some key points from the report:

In Europe, overlapping mandates from European Union (EU) and national governments across the continent result in variations in requirement by jurisdiction. Meeting standards in this environment requires both a top-down and bottom-up review for global organisations.

Access rights and intelligent pattern recognition for private data protected by encryption are starting to take hold as parts of PCI DSS and ISO 27001, and as a result of EU jurisprudence rulings.

In the USA, overlapping federal regulations (HIPAA, GLBA, FCRA, SOX, FISMA), NIST standards for federal agencies, FTC expectations and 47 US state laws result in multiple drivers for the same requirement set: encrypting personal and financial data, and controlling access.

"We will undoubtedly continue to see more moves toward increased mandates and legal obligations in the wake of so many high-profile security breaches and business losses," noted Tina Stewart, Vormetric's VP of Marketing. "The report clarifies the issues and gives organisations an up-to-date snapshot of global and local requirements in prominent markets worldwide regarding how encryption technologies and access control solutions must be deployed to avoid regulatory penalties, sanctions and business risk."

For complete details, download the report from Vormetric here.

Global requirements for encryption report details federal, international, industry and US state mandates


Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, virtual and cloud environments. Vormetric helps over 1 300 customers, including 17 of the Fortune 25 and many of the world's most security-conscious government organisations, to meet compliance requirements and protect what matters - their sensitive data - from both internal and external threats. The company's scalable solution protects any file, any database and any application - within enterprise data centre, cloud and big data environments - with a high-performance, market-leading Vormetric Data Security Platform that incorporates application-transparent encryption, access controls and security intelligence. Vormetric - because data can't defend itself.


FieldFisher is a European law firm providing commercial solutions across a range of industry sectors. The firm has over 150 partners, 240 other lawyers and nearly 300 support staff across offices in Brussels, Hamburg, Paris, London, Munich, Manchester, Shanghai and Palo Alto.

Media contacts:

Vormetric UK/EMEA
Johnson King
Jonathan Mathias / Kasia Murphy
+44 (0)20 7401 7968

Vormetric Australia
Watterson Marketing Communications
Hannah Watterson
(02) 9929 7533

Vormetric South Korea
Mina Jeong
+82 2 566-8898

Editorial contacts
Vormetric Jennifer Usher +1(415) 591-8453