Data Privacy Protection

Changing Landscape

It’s incredibly easy to fall behind on privacy requirements, against a moving target of legal statute, public opinion, and technology innovation. With trends like Bring Your Own Device (BYOD), social media, and mobile applications, more personal data is being collected and correlated than ever before.  This fast pace of change places your privacy program at a disadvantage, and may expose your organization to reputational, legal, or financial risk.

And although mitigating cybersecurity risk is vital to ensuring data confidentiality, integrity, and availability, security alone does not ensure privacy. Information itself must be examined from the perspective of why, what, how, when, and where. These drivers must be considered during every part of the system development life cycle, to ensure that the correct privacy controls are in place to protect the data, and the rights of the data owner.

Program Assessments

Aerstone’s privacy program assessments are customizable to meet both government and commercial requirements. We can perform a full review of your organization’s privacy program, or we can focus on specific areas as directed. Our review will compare current legal requirements and standards against existing policies. We will examine and correlate the reasons for collecting specific pieces of information, the mechanisms by which said information is collected, how privacy data is used and disclosed, how it is secured throughout the data life cycle. Our assessment will help your organization improve data protection standards, and ensure compliance with privacy laws, standards, and principles – including tangible recommendations for minimizing privacy risks and avoiding legal action or fines.

Impact Assessments

Whereas a Program Assessment focuses on policies and procedures, an Impact Assessment focuses on protecting data rights, and mitigating the risks associated with the handling of information at rest or in motion. With our combined security and privacy experience, Aerstone examines what data is collected and why, how data is used today and possibly in the future, data transparency and redress, data access rights, data safeguards in place, and data retention periods.  Ideally, an Impact Assessment should be performed during the system design phase, so that privacy controls can easily be incorporate. Privacy Impact Assessments should also be redone at major system milestones, or periodically, to verify that data use cases and data protections have not changed as a system or environment matures.