Assessments
The requirements for a privacy program are constantly changing. New laws and regulations, revised interpretations of laws and regulations, and changes in your business environment can all lead to a need to review and revise your privacy practices. Privacy Ref has three privacy program assessment offerings to help you assure your practices meet your organization’s needs.
AI Assessments
Privacy Ref’s AI Readiness Assessment focuses on determining whether your organization is ready to use AI-enabled products or tools and what is needed to close gaps in AI policies or procedures. Whether you are looking to comply with a specific law or want to make sure existing policies or procedures meet industry standards, Privacy Ref’s AI Readiness Assessment will get your company on the right track.
In particular, Privacy Ref will focus on the information used to train and test your AI. This includes the data that will be used and where it came from to ensure bias is considered and handled appropriately.
Privacy Assessments
Our Rapid Privacy Program Assessment™ process allows you to take advantage of our expertise to assure your compliance with applicable laws and industry best practices. We leverage the NIST Privacy Framework, Generally Accepted Privacy Principles Model (GAPP), and/or the Privacy Ref Requirements Frameworks™ that break down the requirements of a myriad of international privacy laws to document your compliance and your gaps.
We also compare your privacy program’s support of business objectives. This results in a comprehensive report including identification of recommendations with their associated risks and estimated effort to implement them.
Frameworks
The labyrinth of laws and regulations is complex. An organization must comply with the requirements found not only in its home jurisdiction but, in many cases, in the other jurisdictions where it does business. To comply, an organization must break down the relevant statutes to determine the individual requirements in each jurisdiction.
Privacy Ref has constructed Frameworks which break down the legal requirements with which a business must comply. We provide Frameworks in two formats, by jurisdiction or by sector. For example, outside the United States we provide Frameworks for individual countries. Within the US, we provide Frameworks by sector such as Education, Healthcare, Finance, as well as a framework for US State Privacy Laws.
Each Framework is constructed to allow someone who is not privacy-knowledgeable to understand their organization’s compliance risks. For jurisdictions or sectors where multiple laws share requirements, the requirement is listed only once, with citations for each of the legal requirements, minimizing your research.