Privacy Hub has extensive experience with risk management and with cyber breach preparation and management.

Risk Management and Audit

Our risk management and audit experience includes: 

  • Performing comprehensive privacy and information management risk assessments, including preparation of data flow maps and records retention policies
  • Assessing current privacy and data security policies, procedures and training
  • Constructing a data risk management regulatory framework that maps to business operations and industry requirements
  • Advising on regulatory and information security with issue tracking and incident reporting
  • Developing gap analysis of program weaknesses and policy exceptions
  • Developing mitigation plans mapped to gap analysis and prioritized by risk 
  • Creating or enhancing the business line assurance and audit cycle on a go-forward basis

Cyber Breach Preparation and Management

Our cyber breach practice includes: 


  • Conducting data breach analysis through risk assessment of insider threat and weaknesses in information security systems 
  • Developing and implementing Data Breach and Cyber Security Incident Response Plans
  • Performing data mapping of systems and records that contain and store sensitive information and the access privileges of employees and contractors
  • Providing the benefit of attorney-client privilege through our sister firm

Incident Management

Privacy Hub is experienced in:   

  • Implementing an incident management reporting tool and training employees on its use
  • Training employees on reporting, escalating and managing incidents 
  • Ensuring organization response readiness through training and event simulations 
  • Modeling data loss events and event assessments for risk of harm
  • Generating incident response plans and call center FAQs
  • Managing, tracking and responding to incidents with a dashboard of progress for multiple incidents
  • Developing procedures for escalating matters to Privacy Hub for data breach advice and guidance

Post Breach Remediation

Our services include: 

  • Performing root cause analysis and developing a remediation plan
  • Conducting a risk management assessment and implementing a mitigation plan
  • Performing data mapping of information, data repositories and systems 
  • Reviewing and developing data security policies and procedures, including records retention schedules 
  • Conducting a records management data minimization project to lower the risk of unstructured data
  • Training employees to use incident management tools for incident monitoring and escalation 
  • Providing complete integration with data breach solution providers to include credit and fraud monitoring, notice mailing, call center support and consumer complaint response process
  • Providing continuous updates and threat monitoring for clients by subscription

Vendor Management and Monitoring

Our capabilities include the following risk management areas: 

  • Comprehensive assessment of existing vendor management compliance framework
  • Creating and tailoring a vendor risk assessment framework to the client’s industry, size and scope
  • Reviewing vendor contracts and risk rating of service providers managing Personal Information 
  • Remediating with compliant contracts that address U.S. data security laws and international data protection concerns, including GDPR requirements
  • Assisting with vendor disputes, remediation of liability issues and managing client concerns 
  • Conducting due diligence for new and existing vendor agreements, including covering the areas of data breach response and security breach preparedness
  • Reviewing background check programs for all vendors 
  • Developing vendor risk engagement and assessment training for employees across business lines