With data becoming the new cyber currency and data-gathering activities accelerating, companies are expected to demonstrate a commitment to accountability, lawfulness, transparency, and data protection. The rising tide of regulatory compliance and expansion of data across the extended enterprise requires organizations to re-engineer their business practices, redesign their data privacy policies and practices, and rearchitect their applications and backend infrastructure.
CohnReznick takes a strategic approach to helping organizations implement a comprehensive data privacy program. Using a proven data privacy framework, we help organizations establish an effective governance structure, improve policies and regulatory awareness, enhance data management practices, and devise a robust privacy strategy and roadmap. A holistic privacy management program can give organizations a differentiating, competitive advantage.
Policy & regulation awareness
CohnReznick helps organizations assess the validity of the mechanisms and resources in place to manage privacy within the organization. We do this by helping identify applicable laws, regulations, and gaps.
CohnReznick helps companies with the complete data governance lifecycle by conducting a comprehensive and accurate inventory of their data assets with appropriate classification, determining the different levels of access, implementing protection mechanisms, documenting retention requirements, and establishing secure disposal practices for the data and the assets across the organization’s environment.
Privacy strategy architecture and development
We help design an applicable privacy roadmap tailored to the company’s ecosystem to make certain the organization’s privacy strategy allows the company to continuously measure and improve operations and ensure continued adherence to changing privacy policies. It is imperative that the privacy strategy and architecture are well-defined and documented, and that policies, standards, and procedures are well-documented and communicated.
CohnReznick helps companies develop privacy policies and procedures in alignment with privacy laws and regulations.
Many principles affect the operationalizing of a comprehensive privacy program. CohnReznick helps companies monitor compliance according to internal and third-party privacy policies. We help put a process in place for how to respond to requests from individuals (rights of “to be informed,” “access,” “rectification,” “erasure,” “stop processing,” and “data portability”) and conduct privacy awareness campaigns and training.
We help organizations ensure that privacy requirements are embedded in the organization’s information security policies and procedures, and that there is a process in place to respond to privacy-related data breaches.
Our privacy lifecycle framework helps companies develop their privacy programs through six strategic phases.
Governance: Establish the overarching organizational roles and responsibilities to help ensure the appropriate governance is in place to manage privacy within the organization.
Policy and regulation awareness: Ensure the organization understands and plans to meet applicable laws, regulations, and other requirements related to privacy.
Data management: Ensure that the company has a complete and accurate inventory of data assets, that it grants access to personal data only to authorized people, that the data is used ethically and only for the purposes for which it has been collected, and that the data is secure.
Strategy and architecture: Define and document privacy strategy, solutions architecture, and roadmap. The policies, standards, and procedures should also be defined, documented, published, and maintained.
Prioritize and implement: Implement the privacy roadmap, solutions architecture, policies, standards, and procedures in a timely manner within organizational, technical, resource, and budgetary constraints.
Operations: Respond to privacy-related data breaches and monitor compliance with internal and third-party privacy policies while also responding to requests from individuals (rights of “to be informed,” “access,” “rectification,” “forgotten,” “stop processing,” and “data portability”).
Continuous improvement: Continuously measure and improve privacy operations to help ensure continued adherence to changing privacy requirements.
Insight: The California Consumer Privacy Act (CCPA): Just the basics. By Shahryar Shaghaghi, Alison Bird. The California Consumer Privacy Act (CCPA) has created extensive new requirements regarding consumers’ data privacy rights – and stiff penalties for infringing on them. Here’s what to know.
Insight: Leak of 30,000 cannabis customer records heightens need for effective data security. By Shahryar Shaghaghi, Ira Weinstein. Businesses in the cannabis supply chain should fortify their systems and processes to comply with data privacy regulations. Here’s what to know.
Insight: The wait is over: Cybersecurity Maturity Model Certification (CMMC) Model v1.0 released. By Bhavesh Vadhani, Kristen Soles. The CMMC will assess DOD contractors and subcontractors on their implementation of cybersecurity controls, processes, and practices. Here’s what to know.
Insight: Best Bites: December GovCon Lunch & Learn on CMMC, other security rules. By Bhavesh Vadhani. CohnReznick’s December 2019 GovCon Lunch & Learn presented perspectives on DOD’s new Cybersecurity Maturity Model Certification.