Assessments

As laws surrounding data privacy are created and evolve to the change landscape of the global market, you need to know where your privacy program stands. Privacy Ref can provide you with the tools to assess your current situation and prepare you for what comes next. Through our Rapid Privacy Program Assessment™, Privacy Ref will find where you program is working and where it needs to adjust to comply with all relevant regulations.

Rapid Privacy Program Assessment™

Privacy Ref’s first step in improving privacy practices is to identify the current state of your program. Our Rapid Privacy Program AssessmentTM takes a top down approach to evaluating an organization’s privacy program and practices by comparing them to requirements from existing and forthcoming laws and regulations, industry recognized privacy frameworks, and organizational priorities. From this review and subsequent analysis, we identify risks and areas for program improvements. The focus is on actual day-to-day activities of individuals and how they handle personal data. This permits us to focus on a rapid, minimally invasive interview and observation process that can take place over a single business week.

Once the Assessment is completed, you will receive an easy-to-understand report that breaks down the requirements in easily digestible tables. For each requirement reviewed, Privacy Ref identifies the source of the requirement, describes it in plain language, and provides a status for your organization measured against the established industry practices. No legal jargon. No equivocation. Just a straightforward statement about where you stand.

At the end of the process, you will receive an executive briefing that presents findings, expert recommendations and proposed next steps.

All Rapid Privacy Program Assessments™ share a process that includes:

  • Review of client supplied artifacts
  • Up to 4 days at the client site plus follow-ups completed remotely
  • Minutes for review and approval after each meeting
  • Preliminary assessment document for review and acceptance 
  • Final assessment document
Assessment ContentsFrameworks
– Executive summary
– Assessment Process
– Overview of Observations
– Comparison with selected framework(s)
– Improvement Recommendations
– Generally Accepted Privacy Principles (GAPP)
– General Data Protection Regulation (GDPR)
– California Consumer Privacy Act (CCPA)
– Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
– Australian Privacy Principles (APP)
– Health Insurance Portability and Accountability Act (HIPPA)

Process Stages

1. Artifact Review

Analyze documents:
– Privacy Policy
– Codes of conduct
– Relevant procedures
– Charters

2. Kick-off Meeting

– Meet the team
– Understand privacy program
– Discuss joint objectives, processes, deliverables
– Answer questions
3. Privacy Ref On-site

– Conduct expert interviews
– Observe behavioral practices
– Identify areas that may increase risk


4. Compile

Analyze observations to deliver a preliminary report
5. Discuss

Address any concerns in the preliminary report
6. Final Version

Published containing a prioritized list of actionable items found during the assessment

Easy-to-Understand Findings

Receiving a report is only the start of a process. You must then convey the results to your organization, something that can be a challenge if the findings are not delivered in a manner that is easy to consume.

Privacy Ref has broken down legal and other framework requirements into easy-to-understand tables. For each requirement, Privacy Ref’s tables identify the source of the requirement, a plain language description of the requirement and the status of your organization relative to the requirement.      

Want to find out more?

Please email info@privacyref.com and someone from Privacy Ref will be in touch with you or call (888) 470-1528.