Personal information is an increasingly valuable and increasingly risky core business asset. As the global business community struggles to keep up with critical, fast-changing data protection laws, the risk of data breaches, and the business damage that inevitably follows them, keeps growing; Lazarus Alliance is uniquely positioned to help guide our global clientele.
Organizations looking to get ahead of the increasing demands of new data protection laws and regulations around the world can use a PIA to enhance their privacy policies and procedures, or to comply with existing regulations such as GDPR, CCPA, the HIPAA Privacy Rule, EU-U.S. Privacy Shield and the AT-101 SOC 2 Privacy Trust Principle.
Talk with one of our experts
Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organizations providing services to clients around the world.
We're here to answer any questions you may have.
Just the facts
During a PIA, Lazarus Alliance's privacy professionals will work with your organization to understand and analyze the PII that your organization interacts with. Based on the needs of your organization, Lazarus Alliance will make recommendations or develop your privacy program to better handle and protect that information.
Lazarus Alliance provides the attestation reports you need to demonstrate diligence and compliance. Your customers will gain and remain confident that their information is processed as intended and secured.
Our expertise includes:
- Data Flow Documentation and Analysis
- Data Governance
- Data Privacy Framework and Strategy Development
- Policy and Procedure Development
- Privacy Impact Assessments (PIA)
Our regulatory compliance services include:
AT-101 SOC 2 Privacy
The trust services criteria applicable to a SOC 2 privacy audit apply only to personal information, such as health records, payment card information, or other personally identifiable information (PII), and to how that personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.
The privacy criteria encompass notice and communication of objectives; choice and consent; collection; use, retention, and disposal; access; disclosure and notification; quality; and monitoring and enforcement.
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
The HIPAA Privacy Rule establishes standards in the United States to protect individuals’ medical records and other personal health information. It applies to organizations that manage health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
Gramm-Leach-Bliley Act (GLBA) Privacy of Consumer Information Rule
The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers' private information. To be GLBA compliant, financial institutions must communicate to their customers how they share the customers' sensitive data, inform customers of their right to opt out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers' private data in accordance with a written information security plan created by the institution.
European Union (EU) General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
State and Local Privacy Laws and Regulations
The most recent additions to the emerging privacy laws are listed below. A common trend is that these laws allow people to find out what data companies are collecting about them, see who they're sharing that data with, request that it be corrected or deleted, and avoid having their data shared with or sold to third parties altogether. Consumers also have the ability to sue your company if they believe a violation exists.
The list goes on but examples include:
- The California Consumer Privacy Act (CCPA)
- The New York Privacy Act
- The Massachusetts Commonwealth Regulations, Code 201 § 17.00
U.S. Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
A PIA can help chart the path for proper handling of PII. Additionally, PIAs reinforce your organization's commitment to protecting privacy and can help strengthen public trust and confidence in your data privacy protections.
For PIA services that reduce your business risks, call +1 (888) 896-7580 to get started.