Privacy Assurance Services

Protect sensitive data and build consumer trust in your organization’s privacy program

Are stakeholders asking you to prove that your privacy program is effective? Are you asking your business partners and vendors to prove that their privacy programs are effective?

Data privacy issues and regulations are on the rise. Regulatory bodies across the globe are instituting new and more complex privacy laws, each with differing requirements—at the regional, country and state levels.

Many leaders in Legal, Risk, Compliance, Privacy, Audit and other areas have been hard at work breaking down complex regulations and building out their data privacy programs. But few can provide assurance over those programs to external stakeholders.

PwC professionals can help with privacy initiatives from strategy through execution—including performing independent readiness assessments and reporting—to enhancing trust between data processors and data owners, and helping stakeholders manage compliance and governance risks.

Todd Bialick discusses how organizations are using privacy as a value driver.

The challenge of answering requests for privacy assurance

Data protection involves managing personal data across the entire information lifecycle

Many companies that handle sensitive data—including those that may outsource the handling of sensitive data—field hundreds of requests each year for assurance that their privacy program is effective and operates continuously.

Providing privacy assurance is not always straightforward.

Regulators around the world have different standards for privacy, and those creating the standards are still refining some of the details of how those standards should be implemented.
The impact of privacy-related regulations has been far reaching. What once required the legal department and one or two other teams to work together has expanded to most corners of an organization.
The definition of privacy is relative to the circumstances in which personal data are being collected, used or disclosed. Organizations are required to treat personal data appropriately, and what is deemed appropriate depends on the context, law, an individual’s expectations, and the right of that individual to control the collection, use and disclosure of their personal data, across the information lifecycle.
There are limited options in place to help companies demonstrate adherence to the requirements of GDPR, CCPA and other data protection regulations. Companies that process sensitive data are left to speculate on the best way to earn trust by demonstrating compliance.

How to best provide privacy assurance to stakeholders: The SOC 2 attestation standard

As companies consider ways to provide assurance on their privacy programs, PwC experts recommend considering the SOC 2 attestation standard.

Like a certification, an attestation is an independent opinion that a privacy program meets or exceeds acceptable standards. One such attestation standard, System and Organization Controls (SOC) reporting, provides a coherent, repeatable reporting process that can help any organization provide insight and assurance to stakeholders that its privacy program is effective.

How a comprehensive privacy program can help companies gain competitive advantages

Many companies react to privacy concerns with projects. But a more proactive, comprehensive, and sustainable approach can yield a host of benefits, such as the following:

Proactively address risks across your organization, saving time and resources
Create competitive advantage by reducing risk for partners
Build trust with stakeholders
Generate value by streamlining the way you manage and respond to stakeholders and lowering your cost of compliance.