
Data Security and Privacy Assessment

Protect your business from data privacy risks

SCHEDULE A CONSULTATION

Maintaining privacy is an uphill battle.

The technologies that surround us — from smartphones and health devices to social networks and ATMs — all collect and share data.

And as consumers become more aware of how companies use their information, all businesses face a rising tide of data security and privacy assurance expectations.

If your company collects, processes, stores, or transmits personal information, it is legally responsible for its security.

This means that organizations must take appropriate measures to protect personally identifiable information (PII). Employers can be held vicariously liable for employee actions that lead to a privacy breach — even if those actions are unauthorized.

It is essential for organizations to have a robust data security and privacy program in place.

Failure to implement appropriate data security measures can lead to legal penalties, reputational damage, loss of business, and loss of customer trust.

 


With our Data Security and Privacy Assessment, you will learn:

  • How much of your data qualifies as PII
  • Where the data is stored
  • With whom the data is shared
  • How well-protected the data are

We will also provide clear recommendations on how you can mitigate legal and reputational risks by

  • Assigning a privacy officer
  • Securing PII
  • Achieving compliance
  • Sustaining compliance

You can have security without privacy
But you cannot have privacy without security

To protect your business, you need more than knowledge of the PII in your care.

You also need a cybersecurity expert who can secure it. With this service, you will have access to data privacy consultants who can secure your data.

At Mirai Security, we are experts at aligning security programs with enterprise strategies and business objectives.

We have extensive experience designing security architectures in highly regulated industries such as telecom, finance, critical infrastructure, and health.

Further, we are proficient at implementing HIPAA (US healthcare privacy law), PIPEDA (Canadian federal legislation), FOIPPA (British Columbia provincial legislation), FOIP (Alberta provincial legislation), and GDPR (EU).


What to expect:

  • 01 INTRODUCTORY MEETINGS
  • 02 CLASSIFY DATA & ASSIGN RISK RATINGS
  • 03 REPORT & RECOMMENDATIONS
  • 04 REVIEW & SIGNOFF

Introductory Meetings

We will schedule a meeting to introduce our team, review our methodology, and answer any questions. We will also assign points of contact and identify client-side business and risk owners.

Then, we will facilitate additional meetings with the appropriate business unit stakeholders. We seek to understand the relevant data sources, identify data owners*, and establish which applications use sensitive information.

Classify Data & Assign Risk Ratings

We will guide each owner through the completion of a Data Classification and Risk Rating Form. With our assistance, the data owners will classify and rate the risk associated with each data set. We will also work with the appropriate stakeholders to list the existing security controls used to protect PII.

Depending on the classification and risk rating provided, some owners may need to provide data flow and architecture diagrams so we can recommend the appropriate security controls.

Report & Recommendations

We will present and deliver a Data Security and Privacy Report containing our findings and recommendations.

At this point, we will be available to help tell your security story to the board or audit committee. Further, you may choose whether to enlist our assistance with implementing the prescribed controls.

Review & Signoff

We will review the information provided by your organization regarding existing security controls implemented to protect personal information. We will provide a dated signoff if they appear to be in place and functioning correctly. Please note that this service does not include an exhaustive inspection of each control.

We recommend that we review the data classification annually as a best practice. After signoff, if we are notified of any change to how data is collected, processed, or used, we can advise on the change’s impact.

*What do you mean by 'data owner'?

A data owner is an individual responsible for the management and protection of a specific set of data within an organization. It is important to note, though, that PII does not belong to anyone other than the person it is associated with. Data owners are custodians of personal information.

With this service, we will help identify and assign appropriate data ownership.

You will receive a Data Security & Privacy Report that identifies the following:

  • Which of your organization's data contain PII
  • How PII is collected, stored, transmitted, and shared
  • If and how the PII is protected
  • Our recommendations for securing the data
  • Our recommendations for achieving and maintaining compliance

We also offer the following service enhancements at an additional cost:

  • Technical Remediation of Controls - Our team will implement and verify the prescribed controls
  • Privacy Impact Assessment (PIA) Report - We will assess the impact of a specific initiative, such as a new project or piece of software, on your organization’s previously-established compliance or privacy posture

Every company is legally required to protect personal information.

With our Data Security and Privacy Assessment, you will eliminate uncertainty surrounding the status and security of your organization's data.


Mirai Security is a process-focused consulting firm based in Vancouver, Canada. We are a dynamic group of cybersecurity experts with decades of experience building and operating security teams for the Canadian government, various critical infrastructure projects, the Vancouver 2010 Winter Olympics, and more.

In addition, we hold a rare engineering designation in the cybersecurity space, so our clients get novel insights and a proper, engineering-style approach to their enterprise network and data security. 

Cybersecurity is a fluid, complex field, and we’ve spent 30 years figuring it out so you don’t have to.