Skip to content

Data Security and Privacy Assessment

Protect your business from data privacy risks


Maintaining privacy is an uphill battle.

The technologies that surround us — from smartphones and health devices to social networks and ATMs — all collect and share data.

And as consumers become more aware of how companies use their information, all businesses face a rising tide of data security and privacy assurance expectations.

If your company collects, processes, stores, or transmits personal information, it is legally responsible for its security.

This means that organizations must take appropriate measures to protect personally identifiable information (PII). Employers can be held vicariously liable for employee actions that lead to a privacy breach — even if those actions are unauthorized.

It is essential for organizations to have a robust data security and privacy program in place.

Failure to implement appropriate data security measures can lead to legal penalties, reputational damage, loss of business, and loss of customer trust.



With our Data Security and Privacy Assessment, you will learn


How much of your data qualifies as PII



Where the data is stored



With whom the data is shared



How well-protected the data are


We will also provide clear recommendations on how you can mitigate legal and reputational risks by

  • Assigning a privacy officer
  • Securing PII
  • Achieving compliance
  • Sustaining compliance

You can have security without privacy
But you cannot have privacy without security

To protect your business, you need more than knowledge of the PII in your care.

You also need a cybersecurity expert who can secure it. With this service, you will have access to data privacy consultants who can secure your data.

At Mirai Security, we are experts at aligning security programs with enterprise strategies and business objectives.

We have extensive experience designing security architectures in highly regulated industries such as telecom, finance, critical infrastructure, and health.

Further, we are proficient at implementing HIPPA (US healthcare privacy law), PIPEDA (Canadian federal legislation), FOIPPA (British Columbia provincial legislation), FOIP (Alberta provincial legislation), and GDPR (EU).


What to expect:


Introductory Meetings

We will schedule a meeting to introduce our team, review our methodology, and answer any questions. We will also assign points of contact and identify client-side business and risk owners.

Then, we will facilitate additional meetings with the appropriate business unit stakeholders. We seek to understand the relevant data sources, identify data owners*, and establish which applications use sensitive information.

Classify Data & Assign Risk Ratings

We will guide each owner through the completion of a Data Classification and Risk Rating Form. With our assistance, the data owners will classify and rate the risk associated with each data set. We will also work with the appropriate stakeholders to list the existing security controls used to protect PII.

Depending on the classification and risk rating provided, some owners may need to provide data flow and architecture diagrams so we can recommend the appropriate security controls.

Report & Recommendations

We will present and deliver a Data Security and Privacy Report containing our findings and recommendations.

At this point, we will be available to help tell your security story to the board or audit committee. Further, you may choose whether to enlist our assistance with implementing the prescribed controls.

Review & Signoff

We will review the information provided by your organization regarding existing security controls implemented to protect personal information. We will provide a dated signoff if they appear to be in place and functioning correctly. Please note that this service does not include an exhaustive inspection of each control.

We recommend that we review the data classification annually as a best practice. After signoff, if we are notified of any change to how data is collected, processed, or used, we can advise on the change’s impact.
 *What do you mean by 'data owner?

A data owner is an individual responsible for the management and protection of a specific set of data within an organization. Though, it is important to note that PII does not belong to anyone other than the person it is associated with. Data owners are custodians of personal information.

With this service, we will help identify and assign appropriate data ownership.

You will receiveData Security & Privacy Report that identifies the following:

  • Which of your organization's data contain PII
  • How PII is collected, stored, transmitted, and shared
  • If and how the PII is protected
  • Our recommendations for securing the data
  • Our recommendations for achieving and maintaining compliance

We also offer the following service enhancements at an additional cost:

  • Technical Remediation of Controls - Our team will implement and verify the prescribed controls
  • Privacy Impact Assessment (PIA) Report - We will assess the impact of a specific initiative, such as a new project or piece of software, on your organization’s previously-established compliance or privacy posture

Every company is legally required to protect personal information.

With our Data Security and Privacy Assessment, you will eliminate uncertainty surrounding the status and security of your organization's data.


Mirai Security is the first cybersecurity engineering firm with certified specialists in incident response, security testing, cloud security, governance, risk & compliance, application security, and human risk. We have extensive experience designing security architectures in highly regulated industries such as telecom, finance, critical infrastructure, and healthcare.