Understand How a Range of Privacy Laws Applies to You
As your business grows, you face new privacy requirements from other states and even other nations. Pratum’s consultants will help you understand your obligations under a wide variety of data privacy laws passed in New York, California, the European Union and more. Then we’ll help you create an efficient compliance plan.
GDPR Guidance for U.S.-Based Companies
The European Union’s General Data Protection Regulation (GDPR) applies to any organization that handles personal data of EU citizens, regardless of their geographic location. This data could include names, photos, social media posts, computer IP addresses and more. Companies that fail to comply could face fines running into the millions of dollars.
Pratum can review your business operations to determine where you must comply with GDPR or the EU-U.S. Privacy Shield Frameworks, which apply to data transferred between the EU and the U.S. With a clear understanding of your requirements, we create a plan to help you establish policies that support your growth plans.
Cybersecurity Services for GDPR
Our team will clarify your responsibilities under GDPR and the Privacy Shield Frameworks and help you meet them:
- Review organizational controls to assess current alignment with GDPR & Privacy Shield requirements.
- Perform a data inventory to determine the scope of data and entities covered by GDPR and Privacy Shield requirements.
- Review your data classification policy or standard and the effectiveness of its implementation, including drafting a Data Classification Standard based on NIST SP 800-60 and FIPS 199.
- Identify and register with an Independent Recourse Mechanism, as required by Privacy Shield.
- Provide a third-party compliance review for the self-certification process.
- Generate the materials required to complete the Privacy Shield self-certification process.
Guidance for NYDFS Regulations
The New York Department of Financial Services (DFS) requires each regulated entity to assess its specific risk profile, assign a Chief Information Security Officer (CISO) and design a robust program that addresses its risks. The regulations apply not only to New York-based companies, but to any organization that does financial business in New York State.
We begin your NYDFS cybersecurity program by getting to know your organization and understanding your business objectives. Then we develop a plan that aligns with your specific security needs and requirements. Several Pratum services meet specific requirements of NYDFS, including our Virtual CISO (vCISO) service and a team of analysts and advisors who deliver expert security leadership, insight, and support while functioning as an extension of your business.
Cybersecurity Services for NYDFS
Pratum's services fulfill several specific requirements of this framework:
- Establish and maintain a cybersecurity program based on a periodic risk assessment. Our vCISO service assists with implementation and reporting obligations.
- Draft policies that support your specific objectives and risks.
- Perform a risk assessment to lay the baseline for rational decisions that improve security posture and align risk with acceptable tolerance levels.
- Create and deliver training content for your unique security needs.
- Provide continuous monitoring through Pratum's Managed XDR, which leverages Pratum's security operations center (SOC) to deliver a managed security service with continuous data analysis, threat intelligence, and security incident reporting.
- Develop an incident response infrastructure including response and remediation plans, training, communications, and management direction.
Guidance for CCPA Regulations
The California Consumer Privacy Act (CCPA) took effect in 2020, giving California consumers greater transparency about, and control over, how their personal information is used. Because the state has nearly 40 million residents, this law affects countless businesses across the U.S., and the CCPA is serving as a model for laws taking shape in other states.
California voters also approved the California Privacy Rights Act (CPRA), which extended CCPA’s scope and gave the state power to enforce the law’s requirements.
Cybersecurity Services for CCPA
- Review how CCPA and similar state laws apply to you.
- Provide a security leader who can manage your compliance work.
- Update your privacy notices to meet requirements.
- Perform data inventory to confirm where and how you store information.
- Develop systems for responding to consumer requests about their personal information.
- Create verification systems to ensure you are sharing information with the proper people.
- Manage your annual legal reporting requirements.