Data Privacy

Whether you are developing a data governance and/or privacy program from the ground up or revising an existing one, we can work with you to accomplish your goals through appropriate privacy and data governance methodologies.

Our professionals have deep experience supporting companies at every stage of their data management journey. They understand and can explain and translate technical regulation requirements, such as HIPAA and GLBA, as well as control frameworks and privacy standards like the NIST Privacy Framework and 800-53r5, Data Governance Institute, AICPA GAPP, FIPPs, OECD Privacy Principles, NISTIR 8062, the ISO 27001/27002 series, ISO 29100, and ISO 38500. Whatever your privacy and governance program questions may be, they probably have the answers.

Our services include:

  • Evaluating privacy operations and data protection methods
  • Assessing data privacy and data governance program maturity
  • Developing a roadmap to implement data privacy & governance programs
  • Evaluating the records management process and procedures
  • Classifying and identifying data inventories, including critical data elements
  • Evaluating data privacy and governance programs against industry standards to meet compliance obligations
  • Identifying risks impacting the data privacy and governance programs and prioritizing mitigating activities

Data Privacy

As data privacy laws and regulations are drafted, modified and enacted, businesses are examining and updating their data privacy compliance and governance structures in an effort to comply with the evolving requirements. Because they directly affect the controls and standards organizations must maintain, the requirements are influencing decisions to implement new technologies and update processes for maintaining private information. With an effective data management program, organizations are able to comply with requirements while reducing overall data privacy risks.

The laws and regulations include:

  • Federal Trade Commission Act (FTC)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Children's Online Privacy Protection Act (COPPA)
  • Gramm Leach Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Family Educational Rights and Privacy Act (FERPA)
  • California Privacy Rights Act (CPRA)
  • Virginia's Consumer Data Protection Act (CDPA)
  • Colorado Privacy Act (CPA)
  • Utah Consumer Privacy Act (UCPA)
  • Connecticut’s Data Privacy Law (also known as “An Act Concerning Personal Data Privacy and Online Monitoring” (CTDPA))
  • New York Stop Hacks and Improve Electronic Data Security Act (SHIELD)
  • Iowa Consumer Data Protection Act (ICDPA)
  • General Data Protection Regulation (GDPR)
  • Digital Services Act (DSA)
  • Digital Markets Act (DMA)
  • Brazil’s General Law for the Protection of Personal Data, or the Lei Geral de Proteção de Dados Pessoais (LGPD)
  • China’s Personal Information Protection Law (PIPL)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • European Union’s Artificial Intelligence Act (AI)
  • European Union’s E-Privacy Regulation (ePR)
  • EU-US Data Privacy Framework

Data Governance

The data a company possesses can be as valuable as any physical asset. An organization should possess a complete record of what data it has, which systems and individuals use that data, and where that data travels within and outside its own IT ecosystem. With an effective data governance program, organizations are able to:

  • Improve data discovery efforts at the organization
  • Improve data governance actions across the organization
  • Inform decision making of the organization in short-term or long-term strategy
  • Inform product development decisions
  • Assist in appropriately funding strategic initiatives
  • Create legal artifacts that document the existence and location of data
  • Remove unnecessary data collection activities
