Data Privacy

Whether you are developing a data governance and/or a privacy program from the ground up or revising an existing one, we can work with you to accomplish your goals through appropriate privacy and data governance methodologies.

Connect with us

Featured

Trending
Insights & Resources

Webinar

Public Sector Education Webinar: How Government Agencies Can Prepare for Cyber Incidents Before They Happen

Our on-demand session discusses how your government agency can best prepare for cyber incidents. We'll look at ways to harness strategic initiatives currently in play and neutralize the published incidents of impacted organizations.

Article

The Who and How of HIPAA: Understanding Terms, Scope and Applicability

HIPAA’s requirements apply to more than doctors and hospitals. Protect your business and clients by learning about key requirements including who needs to comply.

Article

Who Needs a HIPAA Security Assessment? You May Be Surprised: Rules Touch Many Non-Medical Businesses

Non-medical businesses may be surprised that they are subject to HIPAA because they have clients handling ePHI.

Webinar

Webinar: Security vs Privacy – Do They Go Together Like PB&J or Oil & Water?

Discover whether security and privacy complement each other like PB&J or clash like oil and water, and gain insights into finding a balance that safeguards both.

Article

European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework

As of July 11, 2023, personal data transferred between the EU and U.S. is protected by legal obligations under the EU-US Data Privacy Framework adequacy decision.

Article

Preparing to Comply with Iowa’s Consumer Data Protection Law

Iowa becomes the latest state to pass a consumer data protection law which takes effect on January 1, 2025. Find out how your organization will be affected.

Explore all insights

Our professionals have deep experience supporting companies at every stage of their data management journey. They understand and can explain and translate technical regulation requirements, such as HIPAA and GLBA, as well as control frameworks and privacy standards like NIST Privacy Framework and 800-53r5, Data Governance Institute, AICPA GAPP, FIPPs, OECD Privacy Principles, NISTIR 8062, ISO 27001/27002 series, ISO 29100, ISO 38500. Whatever your privacy and governance program questions may be, they probably have the answers.

Our Services

Evaluating privacy operations and data protection methods
Assessing data privacy and data governance program maturity
Developing a roadmap to implement data privacy & governance programs
Evaluating the records management process and procedures
Classifying and identifying data inventories, including critical data elements
Evaluating data privacy and governance programs against industry standards to meet compliance obligations
Identifying risks impacting the data privacy and governance programs and prioritize mitigating activities

Data Privacy

As data privacy laws and regulations are drafted, modified and enacted, businesses are examining and updating their data privacy compliance and governance structures in an effort to comply with the evolving requirements. With a direct effect on the controls and standards organizations must maintain, the requirements are influencing decisions to implement new technologies and update processes over maintaining private information. With an effective data management program, organizations are able to comply with requirements while reducing overall data privacy risks.

The laws and regulations include:

Federal Trade Commission Act (FTC)
Health Insurance Portability and Accounting Act (HIPAA)
Children’s Online Privacy Protection Act (COPPA)
Gramm Leach Bliley Act (GLBA)
Fair Credit Reporting Act (FCRA)
Family Educational Rights and Privacy Act (FERPA)
California Privacy Rights Act (CPRA)
Virginia’s Consumer Data Protection Act (CDPA)
Colorado Privacy Act (CPA)
Utah Consumer Privacy Act (UCPA)
Connecticut’s Data Privacy Law (also known as “An Act Concerning Personal Data Privacy and Online Monitoring” (CTDPA))
New York Stop Hacks and Improve Electronic Data Security Act (SHIELD)
Iowa Consumer Data Protection Act (ICDPA)
General Data Protection Regulation (GDPR)
Digital Services Act (DSA)
Digital Markets Act (DMA)
Brazil’s General Law for the Protection of Personal Data, or the Lei Geral de Proteção de Dados Pessoais (LGPD)
China’s Personal Information Protection Law (PIPL)
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
European Union’s Artificial Intelligence Act (AI)
European Union’s E-Privacy Regulation (ePR)
EU-US Data Privacy Framework

Data Governance

Like any physical asset, the data a company possesses can be equally valuable. An organization should possess a complete record of what data it has, which systems and individuals use that data, and where that data travels within and outside its own IT ecosystem. With an effective data governance program, organizations are able to: