Evolving US federal laws, such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Fair and Accurate Credit Transactions Act (FACTA, including Red Flags), provide protections for consumer information. States have enacted their own laws providing additional protection. For example, 48 states have breach laws, such as Massachusetts’ 201 CMR 17. Similarly, numerous international laws have been adopted, such as the European Directive, the Personal Information Protection and Electronic Documents Act (PIPEDA), and the omnibus data privacy laws covering the private sector that more than 50 countries have enacted (e.g., Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties). The SecureState Privacy Gap Assessment compares your privacy program against applicable law and industry best practices.
- Choice and consent
- Use, retention, and disposal
- Disclosure to third parties
- Security for privacy
- Monitoring and enforcement
- Identification and compliance with applicable privacy law and regulatory guidance
- Proper, objective third-party demonstration of compliance
- Avoidance of fines and regulatory action
- Client-centric program for safeguarding personally identifiable information
- Reduction of the cost, confusion, and complexity of compliance
SecureState’s Audit & Compliance consultants are experts in understanding both the technical and the business aspects of your organization. Our experience and knowledge, developed while working with some of the top Fortune 500 financial institutions in the country and a governing body, provide your organization with a true picture of your compliance with GLBA.