Privacy & Security

Objective: Protect sensitive corporate information from inappropriate use or disclosure that includes intellectual property, proprietary information (financial transactions, HR) and includes information subject to privacy requirements such as customer information (PII, PCI), health information (PHI) and employee benefits.

Challenge: More stringent legal requirements, regulatory enforcement and industry standards for protection of personal information of customers and employees (e.g., HIPAA, PCI, PII, Data Protection Directives, GLBA). Excessive collection and proliferations of protected information in business processes and systems that were not designed to address new privacy requirements. Leakage of protected information from official systems to less-secure repositories, such as email and file shares. Insecure handling and disposition of hard copy, removable media, retired PC, laptops, systems and servers. Lack of a corporate information classification standard and guidelines, controls, and processes for enforcement. Local PC/laptop hard drives not encrypted, removable media with minimal or no encryption, mobile devices containing sensitive data

Contoural: Assess current policies and practices for protection of sensitive documents and information. Develop a Record Type Inventory that identifies sensitive information types and specific requirements. Develop a Data Classification Standard for marking documents and information, and educating employees on requirements for compliance. Work with stakeholders to identify administrative, physical and technical controls. Develop procedures/processes to place/keep each class of information in repositories that can provide the required controls and safeguards. Identify taxonomy for search and monitoring of company specific documents and terms for use in Data Loss Prevention tools.

View All Upcoming Events


Creating Modern, Compliant, and Easier-to-Execute Records Retention Schedules In this white paper, Contoural outlines the best practices for creating and maintaining a records retention schedule that is modern, compliant and eas... 2018-01-01
Read the Summary and Request the White Paper

Creating a California Consumer Privacy Act Action Plan Part 1 This white paper is part one of a two-part series, and provides an overview of CCPA requirements,  defines personal information under the new law... 2018-10-01
Read the Summary and Request the White Paper