Is your Privacy Program actionable?

Common challenges & issues:

  • Outsourcing practices have heightened companies’ need to focus on global movement of employee, customer, and confidential data flowing across borders and multiple organizations in varying legal jurisdictions.
  • Privacy concerns and identity theft have resulted in an increasing number of new U.S. domestic and international laws and regulations.
  • Overarching privacy governance, policies and procedures are lacking.
  • Business unit leaders have no clear direction, standard, or program to determine if their business initiatives are in violation of privacy laws.
  • The corporate Office of General Council cannot issue actionable direction and guidance on privacy compliance due to an unclear picture of data flows.
  • No method of dash boarding and measuring privacy compliance in the business units across the enterprise.

Under Generally Accepted Privacy Principles, privacy is defined as the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information. Generally Accepted Privacy Principles are designed to assist management in creating an effective privacy program that addresses their privacy risks and business opportunities. GAPP is a framework, but exactly how that framework is fulfilled within each jurisdiction is key to developing effective controls that keep your company in compliance with the actual domestic an international laws. Completing these tasks is the operationalization of privacy.

How can we support you:

Milton Alexander operationalizes your privacy program through three proprietary tools:

Milton Alexander Privacy Assessment allows both our professionals and your business leaders coalesce the main privacy issues and gain a broad understanding of the organization’s business, operational, regulatory and technical environments, identify third party sourcing relationships, existing privacy polices and procedures, as well as any specific privacy concerns relevant to the project at hand.

PrivacyMAP™ determines the location and movement of confidential, personal, and sensitive data elements, and maps the data elements to applicable laws and controls by geographic location and jurisdiction, so that proper determinations of privacy laws may be determined.

COGS™creates controls structure and methodology for privacy governance, aligned with GAPP principles, yet mapped to specific controls by jurisdiction. COGS™ provides a governance framework that maps applicable laws to specific privacy controls to keep your organization in compliance. The dash boarding abilities of COGS™ allows management to view dash board status on privacy across business units, by assigned control responsibility mapped to specific names and roles.

In addition to assigning and mapping privacy controls, we can:

  • Establish or review your existing privacy governance framework.
  • Conduct a review of existing privacy policies, procedures, controls and risks.
  • Develop data classification policies.
  • Create a confidential and sensitive data inventory, and conduct automated data mapping.
  • Conduct privacy and security due diligence on third party sourcing providers using on site inspections and data discovery tools.
  • Review and rewrite physical security policies and practices for privacy concerns.
  • Review notice, consent and other issues for cross-border data movement.
  • Prepare technical and business documentation, including the results of data mapping, for registration or notification for Data Protection Authorities.
  • Coordinate Incident Response Policy for response to privacy breaches.