The protection of US residents’ data is regulated by laws enacted at both the national and the state level. Examples of federal laws include GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their own privacy laws, for example, the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
Data Protection
- Advisory - The e-InnoSec Consultants will work with the client team and legal advisors to identify the data privacy and protection laws that will apply to the organization and the type of data that needs to be protected. The team will advise the client on the selection of the right approach to comply with the regulatory requirement.
- Assessment - The e-InnoSec team will assist the client in assessing the current level of compliance and identifying gaps. We will suggest and evaluate process and technology remediation steps with the client team to assess the feasibility, cost, and timeline to implement changes. We will create a continuous monitoring program to ensure continued compliance.
Most Western countries have already adopted comprehensive legal protections for personal data. With the revised General Data Protection Regulation (GDPR), the European Union has become the focal point of the global dialogue on individual data privacy. EU law protects all personal data, regardless of who collects it or how it is processed.
In addition, all 50 states, along with the District of Columbia, Guam, Puerto Rico, and the Virgin Islands, have enacted security breach notification laws that require businesses or governments to notify consumers or citizens if their personal information is breached. GDPR, GLBA, HITECH, HIPAA, CCPA, and various other laws have sector-specific breach notification requirements.
Services
Advisory
- Identify applicable laws
- Design and implement an effective privacy and data protection program
- Create a continuous monitoring program
Assessment
- Assess the current level of compliance and identify gaps
- Suggest and evaluate process and technology remediation steps
- Create a continuous monitoring program