Data Security and Privacy Assessment
Maintaining privacy is an uphill battle.
The technologies that surround us — from smartphones and health devices to social networks and ATMs — all collect and share data.
And as consumers become more aware of how companies use their information, all businesses face a rising tide of data security and privacy assurance expectations.
If your company collects, processes, stores, or transmits personal information, it is legally responsible for its security.
This means that organizations must take appropriate measures to protect personally identifiable information (PII). Employers can be held vicariously liable for employee actions that lead to a privacy breach — even if those actions are unauthorized.
It is essential for organizations to have a robust data security and privacy program in place.
Failure to implement appropriate data security measures can lead to legal penalties, reputational damage, loss of business, and loss of customer trust.
With our Data Security and Privacy Assessment, you will learn
How much of your data qualifies as PII
Where the data is stored
With whom the data is shared
How well-protected the data are
We will also provide clear recommendations on how you can mitigate legal and reputational risks by
- Assigning a privacy officer
- Securing PII
- Achieving compliance
- Sustaining compliance
You can have security without privacy
But you cannot have privacy without security
To protect your business, you need more than knowledge of the PII in your care.
You also need a cybersecurity expert who can secure it. With this service, you will have access to data privacy consultants who can secure your data.
At Mirai Security, we are experts at aligning security programs with enterprise strategies and business objectives.
We have extensive experience designing security architectures in highly regulated industries such as telecom, finance, critical infrastructure, and health.
Further, we are proficient at implementing HIPPA (US healthcare privacy law), PIPEDA (Canadian federal legislation), FOIPPA (British Columbia provincial legislation), FOIP (Alberta provincial legislation), and GDPR (EU).
What to expect:
- 01 INTRODUCTORY MEETINGS
- 02 CLASSIFY DATA & ASSIGN RISK RATINGS
- 03 REPORT & RECOMMENDATIONS
- 04 REVIEW & SIGNOFF
Then, we will facilitate additional meetings with the appropriate business unit stakeholders. We seek to understand the relevant data sources, identify data owners*, and establish which applications use sensitive information.
Classify Data & Assign Risk Ratings
Depending on the classification and risk rating provided, some owners may need to provide data flow and architecture diagrams so we can recommend the appropriate security controls.
Report & Recommendations
At this point, we will be available to help tell your security story to the board or audit committee. Further, you may choose whether to enlist our assistance with implementing the prescribed controls.
Review & Signoff
We recommend that we review the data classification annually as a best practice. After signoff, if we are notified of any change to how data is collected, processed, or used, we can advise on the change’s impact.
A data owner is an individual responsible for the management and protection of a specific set of data within an organization. Though, it is important to note that PII does not belong to anyone other than the person it is associated with. Data owners are custodians of personal information.
With this service, we will help identify and assign appropriate data ownership.
You will receive a Data Security & Privacy Report that identifies the following:
- Which of your organization's data contain PII
- How PII is collected, stored, transmitted, and shared
- If and how the PII is protected
- Our recommendations for securing the data
- Our recommendations for achieving and maintaining compliance
We also offer the following service enhancements at an additional cost:
- Technical Remediation of Controls - Our team will implement and verify the prescribed controls
- Privacy Impact Assessment (PIA) Report - We will assess the impact of a specific initiative, such as a new project or piece of software, on your organization’s previously-established compliance or privacy posture
Mirai Security is a process-focused consulting firm based in Vancouver, Canada. We are a dynamic group of cybersecurity experts with decades of experience building and operating security teams for the Canadian government, various critical infrastructure projects, the Vancouver 2010 Winter Olympics, and more.
In addition, we hold a rare engineering designation in the cybersecurity space, so our clients get novel insights and a proper, engineering-style approach to their enterprise network and data security.
Cybersecurity is a fluid, complex field, and we’ve spent 30 years figuring it out so you don’t have to.