Build Your Privacy Program

Data Privacy Compliance is essential to reach and maintain regardless of where you are doing business. B2B or B2C, services or products, building business processes and applications with a privacy by design approach will add value to your organization. 

Privacy Programs Are More Than Buzzwords

Organizations are coming to terms with the need to undergo digital transformations to safeguard the personal data of their customers and employees. Our experts support your team to define and execute a Privacy by Design strategy. 

Regulatory Requirements

There is a growing list of laws and regulations requiring organizations to protect the data of their customers, employees, and business partners which includes: CCPA, CPRA, GDPR, CDPA (Virginia), PIPEDA, Australia’s Privacy Act, and more. These regulations require processes to:

  • Enforce Data Minimization
  • Build Processes to Enforce Least Privilege
  • Build a Dynamic Data Map
  • Have Reasonable Security Measures
  • Fulfill Consumer and Employee Rights


Reasonable Security Measures

While regulations tend to be vague in defining what reasonable security measures are, the new California Consumer Privacy Act (CPRA) defines these measures as steps to protect consumers’ personal information from a security breach. Organizations must establish:

  • Contractual Security Measures with Vendors
  • Organizational Governance
  • Administrative Security Controls
  • Technical Security Controls



Privacy By Design Approach

Coined by Ann Cavoukian, PhD, Privacy by Design is a strategy of building privacy into the systems, technical processes, operational processes, and business processes. Building privacy into the requirements phase of development projects, vendor procurement, and business processes is the first step in building an organizational privacy program. The 7 principles of Privacy by Design approach are: 

  1. Proactive not reactive—prevent not remediate 
  2. Lead with privacy as the default setting
  3. Embed privacy into design
  4. Retain full functionality (win-win approach)
  5. Ensure End-to-End Security
  6. Maintain visibility and transparency
  7. User Privacy is a priority


Our Technology Partners

Data Privacy Compliance Programs are put into action through the technology offered by our partners.

OneTrust
Microsoft and M365 support security and privacy at every level of the organization.
KnowBe4 is the number one security awareness training provider on the market.
Penetration testing is an essential part of ensuring reasonable security measures are in place. Cobalt.io is a flexible method to the ever-present need to conduct penetration testing.
DarkTrace continuously monitors your attack surface for risks, high-impact vulnerabilities and external threats

The Legal Side of Privacy & Security

BD Emerson has partnered with the BD Emerson Legal Group, a law firm specializing in privacy, security, and technology, to handle the legal requirements from privacy and security compliance. From establishing contractual controls, to organizational governance, to building an enterprise risk management function, external counsel is critical to building a privacy program that will remain compliant long after the consult ends. 

LEARN MORE
Privacy often requires legal opinions as each organization faces unique situations where counsel needs to recommend a path forward and advise on risk.

Latest Privacy News

Highlights from the Privacy 

Cybersecurity

Beyond the IT Department: Why Every Business Needs a vCISO

by Drew Danner
on Mar 21
What is a vCISO? A vCISO, or Virtual Chief Information Security Officer, […]
Read more
HIPAA

A BD EMERSON SERIES: What is HIPAA?

by Drew Danner
on Mar 17
Part II – The HIPAA Privacy & Security Rule In Part I […]
Read more
Cybersecurity

New Cyber Insurance Requirements Revealed: Is Your Business at Risk of Losing Coverage?

by Drew Danner
on Feb 1
The New Cyber Insurance Minimum Thresholds The cyber insurance landscape is shifting […]
Read more