Review of Privacy Practices
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted in digital form or otherwise. Improper or non-existent procedures for data disclosure are often a root cause of privacy issues. Organizations are not always aware that privacy laws cover categories of personal information including:
- Healthcare records
- Geo-location data and home addresses
- Financial institutions and transactions
- Biological traits, such as genetic material
- Criminal justice investigations and proceedings
- Tracking of web surfing behaviour or user preferences using persistent cookies
The challenge of data privacy is to utilize data while protecting individual’s privacy preferences and their personally identifiable information. The fields of computer security, data security and information security design and utilize software, hardware and human resources to address this issue. As the laws and regulations related to privacy and data protection are continually changing, it is important to keep abreast of any changes in the law and regularly reassess compliance with data privacy and security regulations.
Review the privacy practices of a key player in power generation and mitigate risk using KI Design’s risk-based approach to data privacy and security.
KI Design conducted a privacy, security, and risk assessment for technical and non-technical asset data flows. We conducted a review in three stages:
Investigation and Maturity: Building a profile of the organization’s privacy history and goals, including current privacy concerns
Privacy and Security Risk Assessment: Taking inventory of data assets, vulnerabilities, risk levels, and mitigating controls in order to assess compliance with legislative obligations and industry best practices
Recommendations and KI Tools: Creating a simple, scalable plan to grow the organization’s privacy maturity, defining risk mitigation steps and program strategy
At the end of the project, we provided a Maturity Assessment, a Privacy and Security Assessment, and a Privacy Plan tailored to the needs of the organization.
- Interviewed appropriate personnel
- Reviewed privacy training procedures
- Reviewed third-party provider contracts
- Reviewed physical and technical controls
- Reviewed and assessed policies and procedures
- Documented automated and manual data collection processes
- Evaluated processes to measure and control risks
- Reviewed existing privacy practices
- Offered concrete tools for responding to privacy concerns
- Recommended necessary structures for an appropriate privacy program
KI Design has a proven track record of successful engagement with a wide variety of clients from the public and private sectors, including from government. Our privacy review services leave our clients assured of compliance, and prepared to address upcoming challenges.