AI-DRIVEN : HUMAN-LED

Expert Advisory Services on Third-Party Governance & Risk Management


MANAGING PRIVACY RISK IN THIRD PARTY RELATIONSHIPS

While some organizations have a clear understanding of privacy risk management, a common understanding of many aspects of this topic is still not widespread. A thorough understanding of the types of outsourcing relationships is critical to a Third-Party privacy assessment. Privacy regulations create requirements and obligations for many activities. Not all privacy compliance requirements apply directly to each Third Party.

Determining which privacy requirements may impact a Third-Party relationship or a Third-Party assessment depends on conducting pre-assessment scoping and on applying the requirements defined within the organization's Third Party Risk Management classification structure.

Most organizations do not have the resources to address all Third Parties with the same level of rigor. We will help you manage this challenge.

ENGAIZ Advisory Partners are experts in Privacy Regulations and have expertise across different Privacy Jurisdictions.

PRIVACY RISK ASSESSMENTS

Assess maturity levels and understand improvement areas.

PRIVACY PROGRAM MANAGEMENT

Fully managed Third-Party Risk services

PRIVACY AWARENESS TRAINING

We will support and train your team

  • ADVISORY SERVICES
  • REGULATIONS

Our Privacy Risk Advisory Services cover the following:

    • Privacy Program Management
    • Privacy Program Structures
    • Privacy Awareness Training
    • Privacy Risk Assessments
    • Privacy Notice, Choice and Consent
    • Understanding Privacy Notice Obligations
    • Branding and Technology Considerations
    • Management of Client-Scoped Privacy Data
    • Data Governance Context
    • Maintenance of Data and Vendor Inventories
    • Reviewing Data Flows or Data Movement Diagrams
    • Roles and Responsibilities in Data Access Rights
    • Data Protection, Incident Notification and Response
    • Third Party Privacy Agreements
    • Individual Rights
    • Standard Contract Provisions
    • Privacy Agreements
    • Authorizations, Monitoring and Enforcement
    • Complaint and Dispute Handling
    • External Assurance Strategies
    • Privacy Readiness Assessments

EU General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.



OECD Privacy Framework

Two themes run through the updated Guidelines: A focus on the practical implementation of privacy protection through an approach grounded in risk management, and the need to address the global dimension of privacy through improved interoperability. The Organization for Economic Cooperation and Development (OECD) is a unique forum where the governments of 34 democracies with market economies work with each other, as well as with more than 70 non-member economies to promote economic growth, prosperity, and sustainable development.



Canadian Personal Information And Electronic Documents Act

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity.



NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.



California Consumer Privacy Act

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.



New York State Department Of Financial Services 23 NYCRR 500



Summary Of The HIPAA Privacy Rules

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.



Children's Online Privacy Protection Rule (COPPA)

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.



APEC Privacy Framework

The Framework, which aims at promoting electronic commerce throughout the Asia Pacific region, is consistent with the core values of the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data (OECD Guidelines), and reaffirms the value of privacy to individuals and to the information society.
