Data Privacy and Security Information Sheet:
Intelligent Classification and Protection

The purpose of this document is to provide customers of Proofpoint Intelligent Classification and Protection (“PICP”) with the information necessary to assess how this product can support and enhance their data privacy strategies.

Proofpoint Intelligent Classification and Protection – Product Statement

PICP is Proofpoint’s artificial intelligence (AI)-powered data discovery and classification solution. It takes inventory of all customer content, wherever it may reside. The PICP AI engine analyzes and classifies that content and recommends how best to prioritize its protection.

PICP mitigates customers’ data security risks. It gives customers complete visibility into and control of their business-critical data and augments existing data loss prevention (DLP) programs.

Information Processed by Proofpoint Intelligent Classification and Protection

PICP may process some personal data elements as part of the analysis of customer content. This is done to identify which personal data customers store (personal data inventory) and protect it against data loss through integration with Proofpoint Information Protection solutions.

By default, there are no personal data elements stored within PICP. There is no content kept within the platform after the analysis. PICP simply records which file contains which personal data type without storing the actual value of the personal data.

Customer Access to PICP Data and Privacy Options

Access to PICP data may be controlled by policies set by customer administrators. Access can be assigned to specific customer users. Data is made available to authorized users through the solution’s dashboard.

How Proofpoint Retains Records

PICP does not retain the content of customer files. Files are first indexed during discovery and then collected into a rolling cache, where the file content is further analyzed. The rolling cache is purged once the analysis is completed. All of this processing occurs on a cloud instance dedicated to the customer, and the content does not leave the instance. Only the metadata is kept for reporting purposes.


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES-256.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • A network operation center receives and responds to security alerts, escalating to on-call security personnel.
  • Proofpoint’s information security program undergoes an annual SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated May 15, 2024.
