Defensible Data Privacy Compliance Solutions

We offer and support a variety of data privacy management platforms which include data subject fulfillment workflows, records and PII inventory management, vendor assessment and policy adherence tools, privacy impact assessments, file analysis projects and records retention enforcement.
Benefits of Privacy Programs

In addition to the serious financial penalties associated with today’s data breaches, organizations can be forced to pay enormous legal costs and face regulatory fines and crippling oversight, such as long FTC consent orders.

That’s why companies need to systematically and consistently identify privacy and data protection risks, apply the right standards and solutions, and defend their decisions to regulatory authorities and judges.

What laws and other rules govern PII besides GDPR and CCPA?

  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Driver's Privacy Protection Act (DPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Family Educational Rights and Privacy Act (FERPA)
  • 50 state data breach laws

Compliance & Privacy Partners provides smart and affordable privacy compliance, data governance and risk management solutions designed to help organizations build privacy programs, assess, manage and remediate risks and demonstrate defensible compliance.

Our solutions:

  • Mitigate legal, regulatory, fiscal and reputational risks caused by a breach
  • Protect customers and company executives from reputational risks associated with weaknesses in data protection
  • Support business development, investment opportunities, and mergers and acquisitions
  • Secure and protect company trade secrets, intellectual property and technology infrastructure from internal and external threats

Threshold Analysis and Privacy Impact Assessments (PIAs):

  • Policies and procedures review
  • Data mapping and inventories
  • Data protection risk assessments
  • Controls evaluation to best practices and standards
  • Findings and recommendations reports
  • Opt-in / Opt-out consent forms and controls review
  • Impact of mergers and acquisitions

Privacy Program Development:

  • Establish program roadmap and governance
  • Design roles and responsibilities
  • Develop technology infrastructure and support
  • Develop and deliver training
  • Program monitoring
  • Privacy by design support
  • Support for hiring and team building

Third-Party and Vendor Due Diligence:

  • Contract due diligence and data collection requirements
  • Cloud computing services policy guidance
  • Build vs Buy advisory services

Additional Services:

  • Comprehensive controls evaluation
  • Cross-border data transfer guidance
  • Audit preparation and remediation

Laws and Regulations We Cover:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking
  • HIPAA/HITECH Security, Privacy and Breach Notification Rules
  • Children’s Online Privacy Protection Act (COPPA)
  • Generally Accepted Privacy Principles (GAPP)
  • EU’s General Data Protection Regulation (GDPR)
  • ISO/IEC 27001-2:2013
  • CIS Top 20 Critical Security Controls (CA AG requires)
  • SEC OCIE Cybersecurity Initiative
  • NIST Cybersecurity Framework
  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)