Data Privacy


Every organization that holds personal data is bound by one or more data privacy laws. To comply, an organization needs defined data privacy policies, data controls, and data mapping. Together these give an objective view of the organization's data privacy posture, so that shortcomings can be identified and addressed with a prioritized remediation plan. More states and countries adopt data privacy rules every year, and their reach is not limited to organizations doing business there: holding data on residents of a region is typically enough to bring the organization within scope.

What to do?

Get a handle on the data (Who, What, Where, When and How)

  • Types of Data Processed/Stored

  • Data Classification

  • Regions (Subjects and Storage)

  • Methods of processing/storage

  • Third Parties Involved?

Basis of Processing

  • Why does data processing occur?

  • What does the privacy policy/notice say?

  • What do contracts (if any) say?

General Security Review

  • Vendor Management

  • Asset Inventories

  • Incident response

Privacy Program Updates

  • Revamp of the Privacy Policy; updates must be made at least annually because the applicable legislation keeps changing

  • Privacy Program Documentation

  • Contract/Agreement Review/Revision

  • Opt-out options (CCPA)

  • Data breach notification requirements must be embedded in the Incident Response plan

Where to start? Get an Assessment

Perform an audit of the environment that identifies and documents the baseline state of information security within the organization. The audit identifies the areas (in both technology and process) where that baseline is deficient.

A full data privacy audit draws on existing documentation, interviews, and discovery using both manual and automated discovery processes.

The audit will cover the following functions and areas:

Business Environment 

Identify and document geographic regions, privacy regulations and system locations.

Inventory and Data Classification

  • Data Storage / Encryption Requirements

  • Data Flows 

  • Vendors 

  • Systems 

  • Data Classifications 

Data Protection

  • Review protection controls, processes and policies 

  • Align data classifications with protections  
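As an added example (not part of the original page or any client engagement it describes), the inventory and protection-alignment steps above can be partly automated. The Python below scans constructed sample records from two hypothetical systems for personal data, assigns each field its highest classification, records the data-subject regions seen, and then checks that classification against a constructed record of which stores encrypt at rest. All system names, field names, detector patterns, classification ranks and the encryption threshold are assumptions chosen for illustration; a real review would tune the detectors to the organization's data, pull the control data from the systems themselves, and treat regex hits as leads to confirm, since pattern matching produces both false positives and misses.

```python
import re
from collections import defaultdict

# Constructed sample records standing in for a discovery scan of two systems.
# System names, field names and regions are hypothetical.
SAMPLE_SYSTEMS = {
    "crm-db (eu-west-1)": [
        {"id": 1, "name": "Ana Silva", "email": "ana.silva@example.com",
         "country": "PT", "notes": "Callback requested"},
        {"id": 2, "name": "Jon Doe", "email": "jon@example.org",
         "country": "US", "notes": "SSN on file: 123-45-6789"},
    ],
    "support-tickets (us-east-1)": [
        {"ticket": "T-100", "reporter_phone": "+1 415 555 0100",
         "body": "card ending 4242, contact me at jon@example.org",
         "country": "US"},
    ],
}

# Detectors run in this order; each hit is masked before the next pattern runs,
# so a strict pattern (SSN) is not re-reported by a looser one (phone).
DETECTORS = [
    ("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "Sensitive PII"),
    ("pan_fragment", re.compile(r"\bcard ending \d{4}\b", re.I), "Payment"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "PII"),
    ("phone", re.compile(r"\+?\d[\d\s()-]{8,}\d"), "PII"),
]

# Assumed classification scheme: higher rank means stricter handling.
RANK = {"Public": 0, "PII": 1, "Payment": 2, "Sensitive PII": 3}
# Assumed storage requirement: anything classified PII or above must be encrypted at rest.
ENCRYPT_AT_REST_FROM = "PII"

# Constructed record of which stores encrypt at rest; a real review pulls this from the systems.
CONTROLS = {
    "crm-db (eu-west-1)": {"encrypted_at_rest": True},
    "support-tickets (us-east-1)": {"encrypted_at_rest": False},
}


def scan_value(value):
    """Return the (type, classification) pairs detected in one field value."""
    text = str(value)
    found = []
    for name, pattern, classification in DETECTORS:
        if pattern.search(text):
            found.append((name, classification))
            # Blank out the hit so later, looser patterns cannot match the same digits.
            text = pattern.sub(lambda m: " " * len(m.group(0)), text)
    return found


def build_inventory(systems):
    """One inventory row per (system, field) holding personal data: detected types,
    highest classification, resulting encryption requirement and subject regions."""
    inventory = []
    for system, records in systems.items():
        types_by_field = defaultdict(set)
        regions = set()
        for record in records:
            regions.add(record.get("country", "unknown"))
            for field, value in record.items():
                for name, classification in scan_value(value):
                    types_by_field[field].add((name, classification))
        for field, hits in sorted(types_by_field.items()):
            top = max((c for _, c in hits), key=RANK.__getitem__)
            inventory.append({
                "system": system,
                "field": field,
                "types": sorted(n for n, _ in hits),
                "classification": top,
                "encrypt_at_rest": RANK[top] >= RANK[ENCRYPT_AT_REST_FROM],
                "subject_regions": sorted(regions),
            })
    return inventory


def protection_gaps(inventory, controls):
    """Fields whose classification requires encryption at rest but whose system lacks it."""
    return [
        (row["system"], row["field"], row["classification"])
        for row in inventory
        if row["encrypt_at_rest"]
        and not controls.get(row["system"], {}).get("encrypted_at_rest", False)
    ]


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_SYSTEMS)
    for row in inv:
        print(f"{row['system']:28} {row['field']:15} {row['classification']:14} "
              f"types={row['types']} regions={row['subject_regions']}")
    for system, field, classification in protection_gaps(inv, CONTROLS):
        print(f"GAP: {system} / {field} ({classification}) is not encrypted at rest")
```

On the constructed data the scan yields four inventory rows and two gaps, both in the unencrypted support-tickets store. The output maps directly onto the audit areas above: the rows are the data inventory and classification, the regions feed the business-environment review, and the gap list is the classification-to-protection alignment.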

Policies, Processes and Procedures

  • Incident Response Plan

  • Privacy Policy and Notices

  • Data Destruction

  • Physical Security

  • Third Party Management

  • Data Subject Requests

Awareness and Training 

Privacy training delivered as part of the security awareness program.

Desired outcomes?

  • Audit Report detailing current state in each core area and a gap analysis.

  • Creation of a remediation plan and timeline

  • Executive Summary providing a snapshot of the current situation for distribution to business leaders and committees.