Data Protection and Privacy

Data breaches are a severe risk to an organization's reputation. PwC's Carolyn Holcomb looks at how companies can protect themselves while remaining compliant.

Almost daily, the news underscores the importance of data privacy.

And as organizations of all types know, compliance with industry, state, federal and international privacy regulations has become increasingly challenging, not to mention keeping up with the nonstop stream of changing technology and uses of information.

The threat is real. Data breaches are happening in all sectors and industries. Companies, customers, vendors and stakeholders need assurance; companies confront reputational risks.

PwC brings global experience to the table – in understanding technology, the regulatory maze, risks and controls. Our team can work with yours to build and maintain an integrated global framework for data protection, privacy and compliance. Using a scalable, risk-based approach, we’ll help you determine what needs to be secured and how to do it, by performing services such as the following.

  • Assisting with the design and implementation of a strong Privacy Office Structure and Program.
  • Conducting Privacy Impact Assessments (PIAs) to incorporate privacy protection throughout the development life cycle of new business initiatives, acquisitions, products, and technology.
  • Performing privacy program assessments to gauge the effectiveness of the privacy program.
  • Delivering privacy program services on behalf of the Privacy Office, e.g., training, testing of privacy controls and vendor management program.
  • Providing independent assessment of the privacy promises an organization is making to its customers, such as SOC2 and Custom AT101.
  • Employing data discovery techniques of data mapping and inventorying to identify where appropriate protections should be applied.
  • Measuring and reporting real-time privacy compliance, risk and value in a single-view program through the use of our CPO Executive Dashboard.
  • Offering solutions and assistance with Healthcare and Life Sciences Privacy Readiness, e.g., delivering gap analysis assessments of current HIPAA controls against HITRUST CSF, evaluating organizational readiness against OCR HIPAA Audit methodology and preparing corrective action recommendations.
  • Providing attest reporting if your organization enters into a consent decree with a regulatory body such as the Federal Trade Commission or Office for Civil Rights.
  • Enabling both pre-implementation and ongoing sustainability of big data solutions to help privacy contribute to value and also mitigate downside risk.
  • Facilitating Cross Border compliance by building and maintaining a global data transfer strategy using a consolidated set of privacy requirements.

We’ll help you build a culture of privacy and help you avoid missteps over privacy protection and information handling. From intellectual property to M&A intelligence, financial reporting, security of customer data and other critical information, you’ll know you’re protected. If third parties seek independent assurance, we’ll provide it with confidence.

You will know your options; you’ll know which best fit your needs; and you’ll know the cost. Most of all, you’ll have the operational freedom knowing you are protecting your company's brand and reputation.