Privacy Assessment & Audit Service
Privacy has grabbed the attention of boards of directors (BoDs) across regions as organizations look to comply with new privacy regulations and compliance standards similar to GDPR. Privacy is the new buzzword, and the potential impact is very real. Personal data were processed for political and economic reasons without users’ consent, as happened in the Cambridge Analytica event. In view of such recent incidents, and of the failure of the EU Safe Harbor and the Privacy Shield to provide real protection, privacy laws are changing and have become more stringent. After GDPR, new privacy laws have been enacted, such as the US California Consumer Privacy Act (CCPA) and the Brazilian General Data Protection Law, and many more are planned. It may be prudent for organizations to be more proactive and adopt measures for privacy governance to comply with such laws.
Some hefty privacy fines levied on some well-known names:
- Facebook: $5 billion
- Equifax: $700 million
- British Airways: $230 million
- Marriott: $126 million
- Uber: $148 million
- Google: $50 million
- Yahoo: $117.5 million
- Tesco Bank: $21 million
- Anthem: $16 million
Why Privacy Assessment?
Privacy assessments are important in order to understand the organization’s privacy risks arising from existing commitments, new projects, initiatives, systems, processes, strategies, policies, business relationships, etc.
The main goals of a privacy assessment include:
- Ensuring that the information collected complies with all privacy-related legal and regulatory compliance requirements covering PII data.
- Identifying and defining the privacy risks, and monitoring controls and incidents.
- Taking actions to mitigate the risks effectively.
Privacy or Data Privacy Impact Assessment?
A Privacy Impact Assessment or Data Privacy Impact Assessment (DPIA) for HIPAA, GDPR, CCPA or any other mandate is a type of impact assessment which is typically designed to accomplish three main goals:
- Identify and evaluate the data privacy risks and their impact should a data breach or other incident occur.
- Identify appropriate privacy controls to mitigate unacceptable risks.
- Understand what aspects to monitor to ensure conformance with applicable legal, regulatory and policy requirements for privacy or PII data, e.g. GDPR, CCPA, HIPAA, etc.
Privacy Compliance with SOC 2 using Trust Services Privacy Criteria. These were formerly known as the Generally Accepted Privacy Principles (GAPP) by AICPA.
The privacy laws encourage the adoption of certification schemes to demonstrate compliance. Compliance with the international information security standard SOC 2 for Privacy can help organizations demonstrate that they meet the data security requirements of the various privacy laws. Reporting on the Privacy Trust Services Criteria for privacy compliance involves building a holistic framework of processes, people and technologies to secure information.
Our Privacy Related Services
- Privacy Impact Assessment
- COBIT, NIST, ISO 27701 (formerly ISO 27552) Audit Services
- HIPAA Audit Services
- GDPR Audit Services
- CCPA Audit Services
- SOC 2 Type 2 audit for Privacy Compliance
- More on our SOC Audit Services.