Data Privacy Information Sheet:
Proofpoint Endpoint Data Loss Prevention (DLP) and
Proofpoint Insider Threat Management

The purpose of this document is to provide customers of Proofpoint’s Insider Threat Management (“ITM”) and Endpoint Data Loss Prevention (“Endpoint DLP”) with the information necessary to assess how the products can support and enhance their data privacy strategy.

ITM and Endpoint DLP – Product Statement

The growth in remote work from anywhere and everywhere has redefined the security perimeter to one based on people, increasing the risk of insider-led data loss for organizations. At the same time, the frequency and volume of insider threats keeps rising, placing a significant burden on security teams to keep pace.

Proofpoint’s ITM and Endpoint DLP solutions provide visibility, context, and analysis to help security teams quickly detect and prevent insider-led data breaches, while accelerating incident investigations and response to mitigate damage. Endpoint DLP is a subset of ITM and focuses on the detection and prevention of risky file activity by everyday users. ITM focuses on identifying and monitoring the riskiest users.

Information Processed by Proofpoint’s ITM & Endpoint DLP

ITM and Endpoint DLP filters and processes some personal data elements as users use their organization-issued endpoints to complete their job responsibilities. This is done to protect against insider threats and endpoint data loss. The types of data include:

• Personal financial information (sometimes known as PCI data) including but not limited to credit card numbers, bank account numbers.
• Personal healthcare information including but not limited to national identifiers, insurance numbers.
• Personal identifiable information (PII) including but not limited to names, email addresses.
• Personal data included on the user’s screen when visual capture is enabled.

Customer Access to ITM & Endpoint DLP Data and Privacy Options

Access to ITM and Endpoint DLP data may be controlled by policies set-up by security administrators. Access can be assigned to specific users and groups. Data is made available to authorized users and groups through the solution’s dashboard. More specifically:

• The Proofpoint Sigma Platform implements industry-standard encryption and security controls for data at rest, data in motion and API access.
• A highly restricted number of people within the operations team are responsible for deployment, configuration and maintenance of the production environment through Infrastructure-as-Code automation.
• Proofpoint has an access control policy that restricts access to Customer Data. Any access by Proofpoint personnel is heavily scrutinized, controlled and audited.
• Sigma Platform APIs and Applications implement an advanced set of Attribute-Based Access Controls (ABAC) for customer and Proofpoint personnel access, provisioned according to the least-privilege access model. Furthermore, customers have the ability and full control to add or remove privileges for Proofpoint personnel through the Administration Application ("Personas"), including granting non-operations Proofpoint personnel access to Customer Data and Personal Data recorded from the monitored activities of Users including captured visual screen content or file content.

How Proofpoint Retains Records

Proofpoint customers can select a retention period (30 days, 90 days, 120 days or 366 days) for which the data is retained in the Platform after which the data is securely deleted on a rolling basis.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.

Security

Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

• Data in transit is protected using HTTPS/TLS.
• Encryption at rest is accomplished using AES 256 or stronger ciphers.
• Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
• Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see https://www.proofpoint.com/us/security.
• Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
• Proofpoint's information security program undergoes an annual SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.