A Wide Range of Services

We specialize in fixed-rate consulting engagements to fit your discretionary budget. Open-ended consulting on an hourly basis is also available.

Data Inventories

If you don’t know what data you have or where it is, you can’t effectively manage your risk. We have conducted hundreds of data inventories on programs in every sector: consumer products, retail, e-commerce, healthcare, manufacturing, telecommunications, SaaS services, advertising technology, hospitality, financial services, insurance, transportation, travel, fashion, toys, gaming, and entertainment.

Privacy Impact Assessments/DPIAs

Whether it’s an existing product or a new initiative, understanding the privacy risks and impacts is essential. Customers and partners are increasingly demanding proof that your product or service will not adversely affect their compliance posture as well. We have conducted hundreds of PIAs and DPIAs on products, services, and platforms, including emerging technologies and IoT devices.

Privacy Notices and Internal Policies

Developing your internal policies, external-facing Privacy Notices, Standard Operating Procedures and other operational guidance can be a tedious process, and it often produces documents that are tedious to read and harder still to understand. We can help you create policies and guidance documents that are relevant to your organization, clearly and engagingly written, and convey requirements with clarity.

Data Retention & Deletion Policies

Many organizations have a range of data retention and deletion requirements, with some aspects driven by laws and regulations, some driven by customer or partner requirements, and some practices arising from internal use cases. Coordinating these policies and creating a program for assessing compliance can be challenging, but with regulators increasingly scrutinizing your basis for retaining data, a coherent and effective retention and deletion program is a necessity.

Program Maturity Assessments

Through application of a structured analytical framework derived from the AICPA Privacy Maturity Model concept, it is possible to quantify many aspects of your privacy program and determine where along a maturity arc those components fall. This allows you to quickly identify areas for improvement, determine approaches that will increase your program’s efficiency, and demonstrate to stakeholders the success of your efforts.

Privacy & Security Certification Support

We led the first successful ISO 27701 certification ever awarded by the British Standards Institute (BSI) and have successfully managed the privacy portions of major certification processes including ISO 27001, SOC 1/SOC 2, NIST, PCI-DSS, and HIPAA/HITECH.

Data Protection Officer (DPO) Services

Articles 37-39 of the EU GDPR define the role and duties of a Data Protection Officer, including independence and insulation from undue influence over their judgment. Some organizations have chosen to incorporate the DPO role into existing in-house positions; however, many organizations find value in designating an external DPO who can provide the kind of independence that regulators may find lacking should a problem arise. We can provide affordable, timely, and truly independent input to your data protection activities and programs.

M&A Due Diligence & Integration

We have conducted due diligence on more than a dozen major mergers and acquisitions involving highly sensitive data in the healthcare and financial services sectors. Whether you’re considering an acquisition, moving to the term sheet stage, deep in discovery, or executing your post-acquisition integration plan, we can bring our years of experience to bear.

DSAR Program Development

We have designed and implemented a variety of Data Subject Access Request (DSAR) programs for businesses of various sizes and in various industries, including retail, e-commerce, and financial services. We can help you design a DSAR program from scratch or help you make an existing program more efficient.

New Product Counseling

With our deep experience in product management, we know how to work with product and engineering teams to assess and mitigate the risks of new product initiatives. We can translate legalese into understandable guidance and concrete requirements that enable teams to reach their desired outcomes with confidence.

Education & Training Development

Nearly everyone understands the inherent need for strong privacy and data protection in their business, but how do you go beyond instincts and good intentions to a privacy awareness program that meets the legal requirements of various laws and regulations? We have developed special-purpose training materials, helped to customize existing generic training programs to address unique corporate practices, and conducted dozens of in-person and virtual training classes, “brown bag” seminars, and events for Data Privacy Day that help you foster privacy awareness throughout your organization.

Privacy by Design

Beyond education and training, the concept of Privacy by Design deeply integrates fundamental tenets of privacy into the design and development process. Using a time-tested Privacy by Design framework, we can tailor a program to the unique requirements of your organization, helping you embed privacy as a part of the culture of success in your product and engineering teams.