Monitoring solutions are designed to capture and retain transaction data, which typically contain personal information such as social security numbers and credit card details. APM solutions must handle this data carefully so that they do not inhibit your company's compliance with industry regulations. Your organization must, however, evaluate APM products and practices within the context of its own security and risk management practices.
The sections below provide brief summaries of key data-protection laws and how these laws influence APM processes.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information (for example, credit card numbers). The standard was created to reduce credit card fraud.
All vendors that conduct credit card transactions over the internet must comply with PCI standards. APM solutions must not leak credit card information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law that defines standards for electronic health care transactions.
HIPAA addresses the security and privacy of patient data and social security numbers. Data transmission must be encrypted, and access to health data must be protected.
The General Data Protection Regulation (GDPR) defines the rights of EU citizens regarding their personal data.
For more details, see our GDPR compliance page.