Privacy compliance can be a bewildering experience for any government or business. The laws and jurisdictions involved are numerous; the rules, confusing; the regulatory consequences, costly. Information is such an integral part of your operations – how do you begin to assess what you need to change in your practices, policies, and resources, and by how much?
Privacy Is Risky Business
Privacy Gap Assessments measure the state of privacy practice in the organization against legislative and industry standards. The assessment process involves a review of your organization’s personal information handling practices, including how information is collected and for what purpose; how consent is obtained; disclosures to third parties; retention and disposal of personal information; and protection of that information from unauthorized access, use, disclosure, theft, and loss. Through a compliance assessment we help you identify privacy issues, assess and mitigate risk, and find the best available resources to ensure compliance.
The Gap Assessment identifies:
- associated business purposes and transactions
- highest risks and implementation priorities to mitigate risks
- consent standards
- access management
Completing Privacy Impact Assessments Without Tears
A Privacy Impact Assessment (PIA) is a systematic process to determine whether new or existing information systems, administrative programs or services, or policies and practices meet basic privacy requirements. Many health care and government organizations are required to complete PIAs. Doing so early in the process avoids the significant cost of retrofitting systems or redesigning practices for privacy compliance. When included as part of the planning or early developmental stages of a new initiative or system, a PIA can be an extremely effective and proactive tool to:
- identify and mitigate compliance risk
- build privacy into system design
- establish ongoing accountability
Privacy Impact Assessments are a regulatory requirement for many health providers and public bodies implementing new personal information systems or practices.
You Can’t Be Privacy Compliant Without Good Security
With the proliferation of electronic systems in business today, information assets can do more for organizations than ever before, but they are also increasingly exposed to new threats. Providing adequate security for sensitive information requires a fully integrated approach to risk management in protecting this corporate asset. It is imperative that an organization have a comprehensive information system security program in place to protect information assets from:
- unauthorized access to personal information
- threats to the integrity of information
- poor responses to privacy breaches
- uncontrolled and unsafe retention and destruction of information
Cenera relies heavily on the international standard IT Code of Practice for Information Security Management (ISO 27002) to identify and assess existing threats and risks to your systems, policies, and practices, and to recommend mitigations and proactive solutions.