Privacy Assessments
Securing Private Information
It’s incredibly easy to fall behind on privacy requirements, against a moving target of legal statute, public opinion, and technology innovation. With trends like Bring Your Own Device (BYOD), social media, and mobile applications, more personal data is being collected and correlated than ever before. This fast pace of change places your privacy program at a disadvantage, and may expose your organization to reputational, legal, or financial risk. And although mitigating cybersecurity risk is vital to ensuring data confidentiality, integrity, and availability, security alone does not ensure privacy. Information itself must be examined from the perspective of why, what, how, when, and where. These drivers must be considered during every part of the system development life cycle, to ensure that the correct privacy controls are in place to protect the data, and the rights of the data owner.
Aerstone’s privacy program assessments are customizable to meet both government and commercial requirements. We can perform a full review of your organization’s privacy program, or we can focus on specific areas as directed. Our review will compare current legal requirements and standards against existing policies. We will examine and correlate the reasons for collecting specific pieces of information, the mechanisms by which that information is collected, how privacy data is used and disclosed, and how it is secured throughout the data life cycle. Our assessment will help your organization improve data protection standards and ensure compliance with privacy laws, standards, and principles – including tangible recommendations for minimizing privacy risks and avoiding legal action or fines.
Whereas a Program Assessment focuses on policies and procedures, an Impact Assessment focuses on protecting data rights and mitigating the risks associated with the handling of information at rest or in motion. With our combined security and privacy experience, Aerstone examines what data is collected and why, how data is used today and possibly in the future, data transparency and redress, data access rights, the data safeguards in place, and data retention periods. Ideally, an Impact Assessment should be performed during the system design phase, so that privacy controls can easily be incorporated. Privacy Impact Assessments should also be redone at major system milestones, or periodically, to verify that data use cases and data protections have not changed as a system or environment matures.
The General Data Protection Regulation (GDPR) is a regulation designed to strengthen and unify data protection for all individuals within the European Union (EU). As a replacement for the EU/US Safe Harbor Framework, the GDPR also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to EU citizens and residents over their personal data, and to simplify the regulatory environment for international business by unifying privacy regulation within the EU. When the GDPR takes effect on 25 May 2018, it will replace the European data protection directive of 1995 — although unlike an EU directive, the GDPR does not require national governments to pass any enabling legislation, and is thus directly binding and applicable. As such, all companies hoping to do business in the EU, or with EU citizens, are well advised to adhere to GDPR guidelines, notably including pseudonymisation, right to erasure, data portability, and data protection “by Design and by Default.”
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.
Contact our sales team at firstname.lastname@example.org for more information.