Privacy Gap Assessment

The Privacy Assessment includes a privacy risk analysis, identifying data flows, and assessing PII safeguards and privacy controls.

Evolving US federal law, such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Fair and Accurate Credit Transactions Act (FACTA, including the Red Flags Rule), provides protections for consumer information. Many jurisdictions have enacted their own laws providing additional protection: for example, 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches involving personally identifiable information. Similarly, numerous international laws have been adopted, such as the European Union Data Protection Directive, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the omnibus data privacy laws covering the private sector in more than 50 countries (e.g., Mexico's Federal Law on the Protection of Personal Data Held by Private Parties). The SecureState Privacy Gap Assessment compares your privacy program against applicable law and industry best practices.

It is important for organizations to proactively review the legislative landscape, contractual obligations, and customer expectations to verify their privacy and safeguarding programs. Securing PII and achieving compliance requires more than scanning and annual audits. True compliance is achieved when organizations are able to make the right security decisions throughout the year, which requires an organization to:

  • Understand rapidly evolving privacy compliance obligations
  • Develop an enterprise-wide strategy and plan for achieving compliance
  • Implement required operational changes
  • Train employees on threats and compliance obligations
  • Maintain compliance throughout the year

SecureState consultants are experts in understanding both the technical and business aspects of your organization. Our experience and knowledge, developed while working with a governing body and some of the top Fortune 500 financial institutions in the country, provide your organization with a true picture of your privacy compliance.

Approach and Methodology

SecureState’s approach maps out critical information processes and determines if regulatory controls have an impact on the business. The goals are to:

  • Efficiently execute your privacy compliance effort
  • Examine the regulations and get answers for you quickly
  • Ensure remediation is cost-justified
  • Keep you up-to-date on Privacy requirements, threats, and liabilities

Based on SecureState’s experience, very few organizations are fully compliant with privacy laws and regulations. SecureState has therefore developed a cost-effective approach that provides the most options and flexibility while your organization becomes compliant with the various laws. Privacy services performed by SecureState can include the following:

  • Privacy Assessments
  • Privacy Audits
  • Privacy Policy Development
  • Breach Notification Procedures
  • Privacy Awareness Training
  • PCI, GLBA, & HIPAA Privacy Compliance
  • Guidance and assistance in developing and implementing an overall privacy program
  • Guidance on compliance with the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, FACTA (Red Flag Rules) and implementing regulations and regulatory guidance related to the financial industry
  • Compliance efforts regarding European Union data protection Directives and initiatives, Canada’s PIPEDA, and other international privacy regulations
  • Monitoring of state and federal privacy-related legislation and regulations, and guidance on compliance with such laws and regulations (S.B. 1490, BEST PRACTICES ACT of 2010)
  • Monitoring of industry best practices and developments, and guidance on complying with or maintaining practices in line with changing industry standards
  • Development of privacy and data security training programs
  • Development of due diligence and contractual language with respect to vendors that obtain or have access to personal data