Regulations and Terms

At Varonis, ensuring our customers are 10 steps ahead of changing privacy laws is just what we do. Our massive library of reports provides concrete evidence of compliance. Additionally, our policies go beyond regular expressions with proximity matching, negative keywords and algorithmic verification to generate high-fidelity results.

Below is just a snippet of the compliance and regulations we stay up-to-date with:

Privacy/Compliance

CCPA: The California Consumer Privacy Act is a law designed to protect the data privacy rights of citizens living in California.

FERPA: The Family Educational Rights and Privacy Act is a federal law that protects the privacy of student education records.

GDPR: The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers.

NYS DFS: In 2017, the New York State Department of Financial Services (NYDFS) launched GDPR-like cybersecurity regulations for its massive financial industry.

PCI: Payment card information.

PHI: Protected health information.

PII: Personally identifiable information.

SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act.

 

Related terms

DSARs: Data Subject Access Requests.

Varonis Certifications

ISO 27701: Also abbreviated as PIMS (Privacy Information Management System) outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems. In 2021, Varonis achieved ISO 27701 Data Privacy Certification.

SOC 2: (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability and confidentiality of a cloud service.

SOC 3: (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability and confidentiality of a cloud service.

For a full list of our compliance certifications, please visit our website.

Federal government terms

CIA: Central Intelligence Agency. CIA is one of the few acronyms that does not need to be spelled out on initial use.

CISA: The Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage and reduce risk to our cyber and physical infrastructure.

 Classified information: When referring to classification types of data or information, the terms “Secret” and “Top-secret” should be capitalized.

CMMC: The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). 

Department of Defense: Spell out on first use. DOD is acceptable on second reference.

Federal: Only capitalize when it starts a sentence. Example: “The federal government closed for a week because of the snowstorm” is correct.

 FBI: Federal Bureau of Investigation. FBI is one of the few acronyms that does not need to be spelled out on initial use.

GSA: The General Services Administration provides centralized procurement for the federal government, offering billions of dollars worth of products, services and facilities that federal agencies need to serve the public. Spell out on first use and abbreviate as GSA on second use. 

Government: Only capitalize when it starts a sentence. “State and local governments rely on Varonis.” and “the federal government,” are correct.

Microsoft's U.S. Government Community Cloud (GCC) and Microsoft's U.S. Government Community Cloud High (GCC High): Provides government customers with Microsoft 365 productivity services that have additional security, and U.S. data residency needed for U.S. government customers. Should be capitalized.

NIST: National Institute of Standards and Technology. Abbreviate as NIST on second use.

 NSA: The National Security Agency is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. Abbreviate NSA on second use.

White House: Two words, capitalized. Only capitalize “The” if “The White House” starts a new sentence.

Finance

If you have any questions please refer to AP style guidelines or email Megan Garza.

 

Form 8-K: A very broad form used to notify investors in United States public companies of specified events that may be important to shareholders or the U.S. Securities and Exchange Commission. This is one of the most common types of forms filed with the SEC.

In March 2022, the SEC voted to propose new rules for cybersecurity disclosure and incident reporting on the form.

Form 10-K: An annual report required by the U.S. Securities and Exchange Commission, that gives a comprehensive summary of a company's financial performance.

The Sarbanes-Oxley Act of 2002, often simply called SOX or Sarbox, is U.S. law meant to protect investors from fraudulent accounting activities by corporations. Sarbanes-Oxley was enacted after several major accounting scandals in the early 2000s perpetrated by companies such as Enron, Tyco, and WorldCom.

The Gramm-Leach-Bliley Act requires financial institutions — companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance — to explain their information-sharing practices to their customers, and to safeguard sensitive data.