Privacy Audit and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.

Personal information is an increasingly valuable and increasingly risky core business asset. As the global business community struggles to keep up with the critical, fast-changing data protection laws, exponentially increasing the risk of data breaches, and the ensuing business damage that inevitably follows, Lazarus Alliance is uniquely positioned to help guide our global clientele.

Lazarus Alliance will guide your organization through the discovery of how your business is handled personally identifiable information (PII). A privacy impact assessment (PIA) provides your organization with an analysis of how PII, as well as other confidential information, is being collected, used, shared, and maintained.

Organizations looking to get ahead of the increasing demands of new data protection laws and regulations around the world can utilize a PIA to prepare to enhance privacy policies and procedures, or to comply with existing regulations such as GDPR, CCPA, HIPAA Privacy Rule, EU-U.S. Privacy Shield and the AT-101 SOC 2 Privacy Trust Principle.

Talk with one of our experts

Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organizations providing services to clients around the world.

We're here to answer any questions you may have.

Just the facts

During a PIA, Lazarus Alliance's privacy professionals will work with your organization to understand and analyze the PII that your organization interacts with. Based on the needs of your organization, Lazarus Alliance will make recommendations or develop your privacy program to better handle and protect that information.

Lazarus Alliance provides the attestation reports you need to demonstrate diligence and compliance. Your customers will gain and remain confident that their information is processed as intended and secured.

Our expertise includes:

  • Data Flow Documentation and Analysis
  • Data Governance
  • Data Privacy Framework and Strategy Development
  • Policy and Procedure Development
  • Privacy Impact Assessments (PIA)

Our regulatory compliance services include:

SOC 1, SOC 2 and SOC 3 SOC Audit and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.

SOC 2 Privacy

The trust services criteria applicable to a SOC 2 privacy audit covering the privacy criteria applies only to personal information such as health records, payment card information, or other personally identifiable information (PII) and how personal information is collected, used, retained, disclosed, and disposed to meet the entity's objectives.

The privacy criteria will encompass notice and communication of objectives, choice and consent, collection, use, retention, and disposal, access, disclosure and notification, quality, and monitoring and enforcement.

Lazarus Alliance HIPAA Audit attestations that help protect client's data and reputation.

Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule

The HIPAA Privacy Rule establishes standards in the United States to protect individuals’ medical records and other personal health information. It applies to organizations that manage health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

Gramm-Leach-Bliley Act (GLBA) Privacy of Consumer Information Rule

The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. To be GLBA compliant, financial institutions must communicate to their customers how they share the customers’ sensitive data, inform customers of their right to opt-out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers’ private data in accordance with a written information security plan created by the institution.

European Union (EU) General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

State and Local Privacy Laws and Regulations

The most recent additions to the privacy laws emerging are listed. A common trend is these laws allow people to find out what data companies are collecting about them, see who they’re sharing that data with, request that it be corrected or deleted, and avoid having their data shared with or sold to third parties altogether. Consumers also have the ability to sue your company if they believe a violation exists.

The list goes on but examples include:

  • The California Privacy Rights Act (CPRA), formerly the California Consumer Privacy Act (CCPA)
  • The New York Privacy Act
  • The Massachusetts Commonwealth Regulations, Code 201 § 17.00
  • Virginia Consumer Data Protection Act (VCDA)

PIPEDA

Organizations covered by PIPEDA must generally obtain an individual's consent when they collect, use or disclose that individual's personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy. Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.

All businesses that operate in Canada and handle personal information that crosses provincial or national borders in the course of commercial activities are subject to PIPEDA, regardless of the province or territory in which they are based (including provinces with substantially similar legislation).

The principles are:

  • Accountability
  • Identifying Purposes
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure, and Retention
  • Accuracy
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance

U.S. Privacy Shield

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

A PIA can help chart the path for proper handling of PII. Additionally, PIA’s reinforce your organization’s commitment to protecting privacy and can help strengthen public trust and confidence in your data privacy protections.

For PIA services that reduce your business risks call +1 (888) 896-7580  to get started.