Privacy and information security compliance usually begins with an assessment of the technical and legal requirements of your industry, the types of data with which you work (credit card, social security numbers, and other information), your contractual obligations, and external notices and public disclosures. We also consider the geographic regions that affect your operations as well as where the subjects about whose personal information you may process reside. Although becoming more generally applied, United States law is still largely sectoral, meaning different standards apply through laws and regulations to different industries. Internationally, overarching laws pertaining to all businesses and all types of personal information often broadly apply. In our assessment phase, we work with you to determine what types of data you process, what types of business activities you conduct, from where the data comes, and to whom it goes. We also consider and review your existing policies, procedures and practices. We strongly believe in providing governance, risk management, and compliance services designed to minimize operational disruption while effectively informing you of your obligations.

Ernest Hemingway is credited with the quote: “The best way to find out if you can trust somebody is to trust them.” Your customers and clients trust you to do the right thing with their personal and sensitive business information – and trust lost is not easily regained. Our assessment helps you understand not just your minimum requirements, but also the bigger picture of what is at stake in your field so that you can decide how to leverage your practices to build and maintain trust as a marketing tool. An assessment of your privacy and information security practices to discover potential issues can be invaluable for managing your risk and considering correct actions, even if you do not utilize other phases of our work.