NIST Privacy Risk Assessment
Privacy regulations create a myriad of remediation and compliance complications. Many companies struggle to determine which regulations apply to their organization and what the scope of their responsibilities is. With the privacy landscape changing at breakneck pace, sorting through the number of industry and government regulations such as CCPA, GDPR, LGPD, PIPEDA, FERPA, HIPAA Privacy Rule, and the numerous pending state regulations is a daunting task for many organizations. To compound the issue, today’s organizations are collecting a large amount of data, including names, addresses, phone numbers, IP addresses, geolocation data, driver’s license numbers, social security numbers, and much more. The recent pandemic has prompted many organizations to add health data to the data collected about individuals.
Privacy is often considered an IT problem or even a problem for “the folks in legal”. Such a myopic view can be detrimental to the organization, with many of these regulations carrying a hefty fine for non-compliance. Privacy affects the whole organization and as such needs to be thought of as an enterprise initiative. As you develop your processes for handling data subject access requests, incident response plans, data breach response communications plans, and all the requisite technical safeguards, you should approach these activities through an enterprise lens.
At TBG Security we’ve adopted the new NIST Privacy Framework, as we are aware that cybersecurity and privacy are connected, but different. We take a methodical approach to determining any organization’s readiness to meet its privacy requirements, with the NIST Privacy Framework as the core of our Privacy Risk Assessments. When conducting our assessments we use NIST PRAM (Privacy Risk Assessment Methodology). This consists of the following activities:
- Framing Business Objectives and Organizational Privacy Governance
- Assessing System Design; Supporting Data Map
- Prioritizing Risk
- Assessing Your Privacy Readiness
- Report Delivery
Benefits Of Working With Us
- 20 plus years of cybersecurity consulting services
- Deep understanding of and appreciation for individual privacy and the associated regulatory requirements
- Product agnostic
- Range of compliance services available
Get In Touch
Want to know more about our Privacy Consulting Services? We’re here to help.