Our Privacy Risk Advisory Services cover the following:
- Privacy Program Management
- Privacy Program Structures
- Privacy Awareness Training
- Privacy Risk Assessments
- Privacy Notice, Choice and Consent
- Understanding Privacy Notice Obligations
- Branding and Technology Considerations
- Management of Client-Scoped Privacy Data
- Data Governance Context
- Maintenance of Data and Vendor Inventories
- Reviewing Data Flows or Data Movement Diagrams
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
OECD Privacy Framework
Two themes run through the updated Guidelines: a focus on the practical implementation of privacy protection through an approach grounded in risk management, and the need to address the global dimension of privacy through improved interoperability. The Organisation for Economic Co-operation and Development (OECD) is a unique forum where the governments of 34 democracies with market economies work with each other, as well as with more than 70 non-member economies, to promote economic growth, prosperity, and sustainable development.
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity.
NIST Privacy Framework
The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.
New York State Department of Financial Services 23 NYCRR 500
Summary of the HIPAA Privacy Rule
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
Children’s Online Privacy Protection Rule (COPPA)
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
APEC Privacy Framework
The Framework, which aims at promoting electronic commerce throughout the Asia Pacific region, is consistent with the core values of the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data (OECD Guidelines), and reaffirms the value of privacy to individuals and to the information society.