Privacy & Security

Objective: Protect sensitive corporate information from inappropriate use or disclosure that includes intellectual property, proprietary information (financial transactions, HR) and includes information subject to privacy requirements such as customer information (PII, PCI), health information (PHI) and employee benefits.

Challenge: More stringent legal requirements, regulatory enforcement and industry standards for protection of personal information of customers and employees (e.g., HIPAA, PCI, PII, Data Protection Directives, GLBA). Excessive collection and proliferations of protected information in business processes and systems that were not designed to address new privacy requirements. Leakage of protected information from official systems to less-secure repositories, such as email and file shares. Insecure handling and disposition of hard copy, removable media, retired PC, laptops, systems and servers. Lack of a corporate information classification standard and guidelines, controls, and processes for enforcement. Local PC/laptop hard drives not encrypted, removable media with minimal or no encryption, mobile devices containing sensitive data

Contoural: Assess current policies and practices for protection of sensitive documents and information. Develop a Record Type Inventory that identifies sensitive information types and specific requirements. Develop a Data Classification Standard for marking documents and information, and educating employees on requirements for compliance. Work with stakeholders to identify administrative, physical and technical controls. Develop procedures/processes to place/keep each class of information in repositories that can provide the required controls and safeguards. Identify taxonomy for search and monitoring of company specific documents and terms for use in Data Loss Prevention tools.

Contoural - MER Sapient Webinar: Information Governance, What, Why , and Who? March 06, 2018

Complimentary Webinar: Renegotiating Your Offsite Paper Storage ContractMarch 29, 2018

View All Upcoming Events


Metrics Based Information Governance Outlines a metrics-based approach that focuses on results in five key areas: compliance, privacy, disposition, litigation readiness, and employee prod... 2013-10-01
Read the Summary and Request the White Paper

Real-World Strategies for Archiving and Decommissioning Legacy Applications Each year, Enterprises invest millions of dollars in application portfolios needed to run the business.  But as investments in the latest and gre... 2017-12-14
Read the Summary and Request the White Paper