Is your Privacy Program actionable?
Common challenges & issues:
- Outsourcing practices have heightened companies’ need to focus on global movement of employee, customer, and confidential data flowing across borders and multiple organizations in varying legal jurisdictions.
- Privacy concerns and identity theft have resulted in an increasing number of new U.S. domestic and international laws and regulations.
- Overarching privacy governance, policies and procedures are lacking.
- Business unit leaders have no clear direction, standard, or program to determine if their business initiatives are in violation of privacy laws.
- The corporate Office of General Counsel cannot issue actionable direction and guidance on privacy compliance due to an unclear picture of data flows.
- There is no method of dashboarding and measuring privacy compliance in the business units across the enterprise.
Under Generally Accepted Privacy Principles,
privacy is defined as the rights and obligations of individuals and
organizations with respect to the collection, use, retention, and disclosure of
personal information. Generally Accepted Privacy Principles are designed to
assist management in creating an effective privacy program that addresses their
privacy risks and business opportunities. GAPP is a framework, but exactly how
that framework is fulfilled within each jurisdiction is key to developing
effective controls that keep your company in compliance with the actual domestic
and international laws. Completing these tasks is the operationalization of
privacy.
How can we support you:
Milton Alexander operationalizes your privacy program through three proprietary
tools:
Milton Alexander Privacy Assessment allows both our professionals and your
business leaders to coalesce the main privacy issues and gain a broad understanding
of the organization’s business, operational, regulatory and technical
environments, and to identify third-party sourcing relationships, existing privacy
policies and procedures, as well as any specific privacy concerns relevant to the
project at hand.
PrivacyMAP™ determines the location and movement of confidential, personal, and
sensitive data elements, and maps the data elements to applicable laws and
controls by geographic location and jurisdiction, so that the applicable
privacy laws can be properly determined.
COGS™ creates a control structure and methodology for privacy governance, aligned
with GAPP principles, yet mapped to specific controls by jurisdiction. COGS™
provides a governance framework that maps applicable laws to specific privacy
controls to keep your organization in compliance. The dashboarding abilities of
COGS™ allow management to view dashboard status on privacy across business
units, by assigned control responsibility mapped to specific names and roles.
In addition to assigning and mapping privacy controls, we can:
- Establish or review your existing privacy governance framework.
- Conduct a review of existing privacy policies, procedures, controls and risks.
- Develop data classification policies.
- Create a confidential and sensitive data inventory, and conduct automated data mapping.
- Conduct privacy and security due diligence on third-party sourcing providers using on-site inspections and data discovery tools.
- Review and rewrite physical security policies and practices for privacy concerns.
- Review notice, consent and other issues for cross-border data movement.
- Prepare technical and business documentation, including the results of data mapping, for registration or notification for Data Protection Authorities.
- Coordinate Incident Response Policy for response to privacy breaches.