People – Process – Technology

Privacy Advisory Services

The privacy landscape has a myriad of local and international requirements that businesses must understand and abide by.

Data privacy is built on the foundation that individuals have a right to have their personal information protected from unauthorized use.

Seven principles were developed which comprise the core of all privacy laws, regulations and frameworks. Those principles include notice, consent, and information security, amongst others, which form all privacy compliance and risk management frameworks.

The consequences for failing to have processes and controls in place providing that protection are high as you’ve seen in the media lately. Security Validation has the know-how to help your business to successfully navigate these requirements. We have built processes and controls that enable you to detect and mitigate privacy risks which will in turn raise your privacy posture contributing to the trust of your brand.

Virtual Data Protection Officer/Chief Privacy Officer

The GDPR, as does HIPPA and other laws, require that someone in your organization be designated as the head of privacy identified as the Data Protection Officer (“DPO”) or the Chief Privacy Officer (“CPO”). DPOs/CPOs respond to regulatory inquiries, consumer requests or complaints, and are responsible for conducting independent investigations into these matters to determine the appropriate course of action. There is no requirement, however, that either role be fulfilled by a full time employee of your organization but instead can be outsourced at a significant cost savings. By hiring Security Validation, we can be your Virtual DPO or CPO.

Privacy by Design

Privacy by Design or PbD as it is commonly referred to is a series of technical controls that are built in to your products and services from concept to design to production. PbD is typically included in application development, architecture design, human resources, marketing and more. It is the way to institutionalize privacy engineering as a standard across platforms. PbD is also a black letter requirement in GDPR and is also a core component of numerous audit frameworks such as ISO27000, NIST and others. Let us work with your internal teams to build PbD for your organization.

Information Security for Privacy

A core tenet of privacy is Information Security for Privacy which identifies the type of information that needs protection, the associated legal and regulatory security requirements attached to that information, the level and type of industry standard security controls necessary based on the classification of the data. Information Security for Privacy documents for the security practitioner what to data has to highest impact to your business and thus where to put the valuable resources to protect.

Data Protection Impact Assessments/Privacy Impact Assessments

The legal landscape for privacy require that you monitor, identify and remediate risks to personal information by conducting routine impact assessments to data privacy. Additionally, the GDPR memorializes in the letter of the law that businesses handling personal information of EU residents to implement and follow a process called a Data Protection Impact Assessment (“DPIA”) to accomplish the same. With years of combined experience, our team of privacy experts can design, implement and conduct these privacy processes to detect and measure the risk to new data sources, products or services.

Dataflow design & analysis

In order to fully understand all of your risks and compliance requirements, you must first know the type of data you are collecting and the flow of that data throughout your organization’s systems. Dataflow diagrams demonstrate to your internal stakeholders but also to regulators that you have identified every data element on your servers, every hop it takes, where it stored, who has access to, and what controls have been put in place along the way. It is also invaluable in maintaining oversight and managing change in the related products or services. These go along way to demonstrate that your business exercised due diligence to mitigate risk to personal information oftentimes reducing potential fines or sanctions in the event of a regulatory inquiry or an audit post-breach.

We will work with your software engineers, infrastructure architects, IT and others to design and implement a dataflow process, as well as we can perform dataflow analyses on your behalf.

Website Privacy Notices

All websites are required to inform their visitors about the organization’s privacy practices surrounding the collection and use of personal information be it name, address, website cookies, IP address, and more. These statements are found on the website’s footer in the form of a privacy notice or “policy.’ Website privacy notices are viewed as promises made to the individual by the company and are enforceable by law. Website notices are not only a key component to building online trust with your constituents but are also factored greatly by regulators following a data breach. An accurate privacy notice can save your company heavy financial and brand damage.

If you have a website, let Security Validation build a privacy notice that accurately reflects your data protection practices.

Need help?

Call us at +1(855) 223 9114

Or email us at info@securityval.com