Data privacy and data protection continue to be significant business issues. They challenge organizations from a number of perspectives, including business risk, compliance, brand and reputation. Having performed data privacy and protection projects for large, international organizations subject to almost every major privacy law in the United States, Canada, the European Union, Latin America, and Asia-Pacific, eGRC.COM can help an entity effectively manage the business risk and compliance issues relating to data privacy and its protection.
Specifically, we have assisted organizations with:
- Developing a corporate privacy framework
- Creating a principle-based privacy policy and privacy charter
- Documenting the information life cycle including the identification of key controls
- Complying with cross border data transfer requirements
- Developing a data classification model
- Performing privacy and security risk assessments using the HIPAA Security and Privacy Rules, the HITECH Act provisions, the US-EU Safe Harbor Framework, the Generally Accepted Privacy Principles (GAPP), Massachusetts 201 CMR 17.00, and PCI DSS as baseline requirements
- Conducting privacy gap analysis to validate compliance with applicable regulations
- Preparing privacy impact assessments
- Developing breach notification procedures
- Conducting tailored privacy awareness training
Additionally, eGRC.COM is extensively familiar with, and maintains a comprehensive library of, privacy legislation requirements for the United States, Canada, Europe, Latin America, and Asia-Pacific. This library includes, but is not limited to: HIPAA, the PCI Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), the Children’s Online Privacy Protection Act (COPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act (PIPA) of British Columbia, the Freedom of Information and Protection of Privacy Act (FOIP Act), the UK Data Protection Act, EU Directive 95/46/EC, and the US-EU Safe Harbor Framework.
Data Privacy Services:
- Data Privacy Assessments
- Corporate Data Privacy Framework Development
- Privacy Policy Development
- Breach Notification Procedures
- US Safe Harbor & EU DPA Registrations
- Privacy Awareness Training
- Massachusetts 201 CMR 17.00 Compliance
- PCI, GLBA & HIPAA Compliance