Privacy Gaps Review

• Privacy Gap Assessment and Review
As a result several high profile breaches, states have enacted their own laws providing additional protection, including Massachusetts’ 201 CMR 17. Similarly, numerous international laws have been adopted, including the European Directive and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Further, more than 50 countries have enacted omnibus data privacy laws covering the private sector, including Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties.

CryptoForensics’ Privacy Gap Assessment offering will compare your privacy program against applicable law and industry best practices such as:

  • Privacy Principles
  • Management
  • Notice
  • Choice and consent
  • Collection
  • Use, retention, and disposal
  • Access
  • Disclosure to third parties
  • Security for privacy
  • Quality, Monitoring and enforcement

Cryptoforensics will adopt a staged-approach to any Privacy Gap Assessment assignment, as follows:

A Gap Assessment/Pre-Audit stage during which we map critical information processes and data flow to determine applicable law and business impact. During this stage, we will

  • Evaluate the effectiveness of your privacy program
  • Leverage the Privacy Maturity Model to determine what gaps currently exist
  • Validate privacy controls
  • Determine remediation cost-justification

A Privacy Gap Assessment onsite visit stage during which we will

  • Introduce engagement participants and define roles
  • Review engagement activities
  • On-site interview and information gathering to assess compliance status
  • Review any applicable documentation
  • Process Mapping during which we will document the high level in-scope systems and technical infrastructure
  • Requirements Analysis where we will document the existing controls used to protect in-scope data assets
  • Identify gaps against applicable law

A Reporting stage, during which we will:

  • Outline strategic recommendations to mitigate identified control gaps
  • Identify risk-based compliance gaps to build a remediation roadmap

Our approach is carefully designed to benefit your organization in several ways, including:

  • Identification and compliance with applicable privacy law and regulatory guidance
  • Proper third party objective demonstration of compliance
  • Prudent voidance of severe fines and regulatory action
  • Client-centric program for safeguarding personally identifiable information
  • Projected and drastic reduction in the cost, confusion, and complexity of compliance

Our Comprehensive Suite of Solutions and Services . ..


Today, most enterprises try to deal with cybersecurity threats by focusing inwardly through conducting vulnerability assessments, making detailed network maps, and in some cases, deploying robust patch management processes to continuously monitor their networks and systems. While this approach provides some benefits, against many cyber threats it's ineffective. Most corporate networks are so large and complex that it's simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient—they use a wide range of techniques to penetrate even well-protected enterprises...