Build Your Privacy Program

Reaching and maintaining data privacy compliance is essential regardless of where you do business. Whether you are B2B or B2C, and whether you offer services or products, building business processes and applications with a Privacy by Design approach will add value to your organization.

Privacy Programs Are More Than Buzzwords

Organizations are coming to terms with the need to undergo digital transformations to safeguard the personal data of their customers and employees. Our experts support your team to define and execute a Privacy by Design strategy. 

Regulatory Requirements

A growing list of laws and regulations requires organizations to protect the data of their customers, employees, and business partners, including CCPA, CPRA, GDPR, CDPA (Virginia), PIPEDA, Australia’s Privacy Act, and more. These regulations require processes to:

  • Enforce Data Minimization
  • Build Processes to Enforce Least Privilege
  • Build a Dynamic Data Map
  • Have Reasonable Security Measures
  • Fulfill Consumer and Employee Rights

Reasonable Security Measures

While regulations tend to be vague in defining what reasonable security measures are, the new California Consumer Privacy Act (CPRA) defines these measures as steps to protect consumers’ personal information from a security breach. Organizations must establish:

  • Contractual Security Measures with Vendors
  • Organizational Governance
  • Administrative Security Controls
  • Technical Security Controls

Privacy By Design Approach

Coined by Ann Cavoukian, PhD, Privacy by Design is a strategy of building privacy into systems, technical processes, operational processes, and business processes. Building privacy into the requirements phase of development projects, vendor procurement, and business processes is the first step in building an organizational privacy program. The 7 principles of the Privacy by Design approach are:

  1. Proactive not reactive—prevent not remediate 
  2. Lead with privacy as the default setting
  3. Embed privacy into design
  4. Retain full functionality (win-win approach)
  5. Ensure End-to-End Security
  6. Maintain visibility and transparency
  7. User Privacy is a priority

Our Technology Partners

Data Privacy Compliance Programs are put into action through the technology offered by our partners.

The Legal Side of Privacy & Security

BD Emerson has partnered with the BD Emerson Legal Group, a law firm specializing in privacy, security, and technology, to handle the legal requirements arising from privacy and security compliance. From establishing contractual controls, to organizational governance, to building an enterprise risk management function, external counsel is critical to building a privacy program that will remain compliant long after the consult ends.
