Services
Privacy Hub has extensive experience with risk management, cyber breach preparation and management.
Risk Management and Audit
Our risk management and audit experience includes:
- Performing comprehensive privacy and information management risk assessments, including preparation of data flow maps and records retention policies
- Assessing current privacy and data security policies, procedures and training
- Constructing data risk management regulatory framework to map to business operations and industry requirements
- Advising on regulatory and information security with issue tracking and incident reporting
- Developing gap analysis of program weaknesses and policy exceptions
- Developing mitigation plans mapped to gap analysis and prioritized by risk
- Creating or enhancing business line assurance and audit cycle for go forward basis
Cyber Breach Preparation and Management
Our cyber breach practice includes:
- Conducting data breach analysis through risk assessment of insider threat and weaknesses in information security systems
- Developing and implementing Data Breach and Cyber Security Incident Response Plans
- Performing data mapping of systems and records that contain and store sensitive information and the access privileges of employees and contractors
- Benefit from attorney client privilege through our sister firm
Incident Management
Privacy Hub is experienced in:
- Implementing incident management reporting tool and train employees on its use
- Training employees on reporting, escalating and managing incidents
- Ensuring organization response readiness through training and event simulations
- Modeling data loss events and event assessments for risk of harm
- Generating incident response plans and call center FAQ’s
- Managing, tracking and responding to incidents with dashboard of progress for multiple incidents
- Developing procedures for escalating matters to Privacy Hub for data breach advice and guidance
Post Breach Remediation
Our services include:
- Performing root cause analysis and develop remediation plan
- Conducting risk management assessment and implement mitigation plan
- Performing data mapping of information, data repositories and systems
- Reviewing and developing data security policies and procedures, including records retention schedules
- Conducting records management data minimization project to lower risk of unstructured data
- Training employees to use incident management tools for incident monitoring and escalation
- Providing complete integration with data breach solution providers to include credit and fraud monitoring, notice mailing, call center support and consumer complaint response process
- Providing continuous updates and threat monitoring for clients by subscription
Vendor Management and Monitoring
Our capabilities include the following risk management areas:
- Comprehensive assessment of existing vendor management compliance framework
- Creating and tailoring vendor risk assessment framework to client’s industry, size and scope
- Reviewing vendor contracts and risk rating of service providers managing Personal Information
- Remediation with compliant contracts addressing U.S data security laws, international data protection concerns, including GDPR requirements
- Assisting with vendor disputes, remediation of liability issues and managing client concerns
- Conducting due diligence for new and existing vendor agreements, including covering the areas of data breach response and security breach preparedness
- Reviewing background check programs for all vendors
- Developing vendor risk engagement and assessment training for employees across business lines