DataProbity

Through the use of our proven NACCAPISER ® platform, we provide privacy consulting services in a unique manner that not only identifies an organization's privacy risk footprint and requirements, but directly aligns these needs to the NACCAPISER ® training platform and collaborative enterprise environment to enable cross-sector development and alignment around an evolving set of privacy policies, processes and controls. This unique joint training and consulting approach enables an enterprise to address immediate privacy risks and obligations in a precise, resource-focused manner. This streamlined approach not only addresses current requirements, such as those for GDPR and CCPA, but also establishes a robust, agile, corporate-wide foundation upon which to enhance or evolve new controls in advance of pending or future privacy legislation, including emerging regional privacy laws, such as the state-levels laws in the U.S.

Our privacy consulting services include our Privacy Walkthru ® risk assessment methodology which has been delivered across a wide array of companies in most industry sectors. This methodology addresses the flow of personal data from the point of collection from the data subject or individual, through the various uses, transfers and sharing flows within a corporation or with external vendors and partners. Each data flow is assessed for compliance to the core set of privacy principles defined in the in-scope data protection law, regulation, industry standard or best practice. Privacy Walkthru ® meets the requirements of the data protection impact assessment (DPIA) and Record of Processing Activities (ROPA) specified in the General Data Protection Regulation (GDPR). Additionally, it aligns to the final requirements in the California Consumer Privacy Act (CCPA) as well as newly-emerged regional privacy laws.

We have been guiding our clients in the development of Privacy by Design concepts since its formal introduction ten years ago. As an organization, we've been part of the industry standards collaborative effort in OASIS to evolve the Privacy by Design for Software Engineers standard. We are well-positioned to continue to drive these concepts in our client work through the delivery of Privacy by Design, and Data Protection by Design, solutions and tools that are aligned with the requirements specified in GDPR. We are also involved in the evolution of Privacy Engineering standards and have incorporated the newly-proposed NIST privacy engineering triad of principles, predictability, manageability and disassociability, into our client solutions and privacy risk assessment tools. We have a full range of services that enable our clients to rapidly adopt Privacy by Design and privacy engineering concepts into their product development processes, including formal SDLC and Agile toolsets.

For over 20 years, we have been advising corporations on privacy and data protection. Our clients come from a variety of sectors including health care, insurance, finance, energy, media, industrial, consumer goods, gaming, telecommunications, enterprise software and mobile apps. Our consultancy offers services in all areas of privacy including digital marketing and email campaigns, product definitions, privacy policy development, process definitions, reporting and audit, and privacy awareness and training. As an organization, we have been integrally involved in defining the security and privacy requirements for new technology standards for wireless and mobile, cloud computing, big data, and application microservices. We hold Expert Liaison status to ISO/IEC JTC1 SC27 WG5, "Identity management and privacy technologies" and we are members of the U.S. Technology Advisory Group for ISO/PC 317, "Consumer protection: privacy by design for consumer goods and services".

We have been translating global privacy laws into corporate policies and product requirements for over two decades. Our deep knowledge of the evolution of privacy requirements across Europe from the original EU Data Directive to the General Data Protection Regulation includes the UK's (and other) country-specific regulations, the ePrivacy Regulation, and the suite of emerging, privacy-related regulations for telecommunications, digital marketing etc.

Our involvement in California-specific regulations has included the regulations related to breach, web notifications, mobile applications and data sharing ("Shine the Light"). We have closely watched the legislative evolution of the bills that now comprise the California Consumer Privacy Act and continue to monitor as additional privacy-related regulations are proposed in the new legislative sessions.

We are also focused on the array of emerging state-level privacy laws that specifically address biometrics, artificial intelligence and machine learning.

As new laws emerge around the world, we are well-positioned to identify the new requirements and rapidly integrate them into our suite of existing privacy tools and frameworks.

We enable companies to drive data strategies for compliance with regulations as well as globally-recognized technology standards for privacy, security and identity management. As an organization, we continue to be deeply involved in the development of these global standards and industry best practices.