Privacy & Security

Objective: Protect sensitive corporate information from inappropriate use or disclosure that includes intellectual property, proprietary information (financial transactions, HR) and includes information subject to privacy requirements such as customer information (PII, PCI), health information (PHI) and employee benefits.

Challenge: More stringent legal requirements, regulatory enforcement and industry standards for protection of personal information of customers and employees (e.g., HIPAA, PCI, PII, Data Protection Directives, GLBA). Excessive collection and proliferations of protected information in business processes and systems that were not designed to address new privacy requirements. Leakage of protected information from official systems to less-secure repositories, such as email and file shares. Insecure handling and disposition of hard copy, removable media, retired PC, laptops, systems and servers. Lack of a corporate information classification standard and guidelines, controls, and processes for enforcement. Local PC/laptop hard drives not encrypted, removable media with minimal or no encryption, mobile devices containing sensitive data

Contoural: Assess current policies and practices for protection of sensitive documents and information. Develop a Record Type Inventory that identifies sensitive information types and specific requirements. Develop a Data Classification Standard for marking documents and information, and educating employees on requirements for compliance. Work with stakeholders to identify administrative, physical and technical controls. Develop procedures/processes to place/keep each class of information in repositories that can provide the required controls and safeguards. Identify taxonomy for search and monitoring of company specific documents and terms for use in Data Loss Prevention tools.

Intro to Information Governance Series: Introduction to Information GovernanceSeptember 13, 2018

Webinar Series: California Consumer Privacy Act: What Do You Need to Do? Part 1September 26, 2018

View All Upcoming Events

 

Creating Modern, Compliant, and Easier-to-Execute Records Retention Schedules In this white paper, Contoural outlines the best practices for creating and maintaining a records retention schedule that is modern, compliant and eas... 2018-01-01
Read the Summary and Request the White Paper

Reducing Your Offsite Paper Storage Risk and Cost This White Paper discusses strategies for recovering overbillings, reducing overall physical records storage costs and reducing the volume of offsite ... 2018-03-15
Read the Summary and Request the White Paper