Taking The Next Step In Your Privacy Compliance Journey - Partnering With Compliance & Privacy Partners

At CAPP, we proactively address the needs of businesses facing regulatory scrutiny, data security threats, and an increasingly remote workforce. Our core services include privacy impact assessments, privacy program road-mapping, data subject fulfillment workflows, data mapping, vendor assessments, policy reviews, and records retention schedule development, monitoring, and compliance. We raise the maturity level of our clients' programs and awareness in the process.

Privacy & Risk

We often advise organizations to conduct a Privacy Impact Assessment (a) before commencing a project to identify privacy risks in the design and implementation process and assess how to mitigate those risks; (b) during a program or project's lifecycle to evaluate changes that create new privacy risks; and (c) at the end of a project's lifecycle to evaluate how the project's information should be deleted or maintained after completion.

Possible PIA Triggers

  • Collection of new information about individuals whether compelled or voluntary;
  • Conversion of records from paper-based to electronic format;
  • Conversion of information from anonymous to identifiable format;
  • System management changes involving significant new uses and/or application of new technologies;
  • Significant merging, matching or other manipulation of multiple databases containing PII;
  • Application of user-authentication technology to a publicly accessible system;
  • Incorporation into existing databases of PII obtained from commercial or public sources;
  • Significant new inter-agency exchanges or uses of PII;
  • Alteration of a business process resulting in a significant new collection, use and/or disclosure of PII;
  • Alteration of the character of PII due to the addition of qualitatively new types of PII;
  • Implementation of projects using third-party service providers.

How We Measure Risk

A comprehensive data privacy strategy protects against the growing risks and reputational damage associated with data breaches. However, privacy has a broader range of risk categories, which we consider in our assessments.

We address Inherent Risk Level, Residual Risk Level, and Target Risk Level in all of these assessments.

Our Privacy Impact Assessment Can Cover:

  • Privacy Policy, Forms & Disclosures
  • Program Governance
  • Records Retention
  • Service Provider / Vendor Management
  • Training and Awareness