Data Privacy/Privacy Impact/Privacy Risk Assessments
The objective of Sunera’s data privacy assessment is to identify the data flow of PII and evaluate the effectiveness of the privacy controls in place. Our assessments typically begin with determining what privacy regulations and industry requirements are applicable to the organization. With an understanding of compliance requirements, the next step is to determine what sensitive and personally identifiable information (PII) the entity is collecting, how it is collected, where it is being stored, and how it is being used. The collection of the data elements often spans all business units and business partners, including human resources, marketing, sales, accounting, information technology, etc. We typically collect this information through a combination of interviews with process owners, surveys, and automated discovery tools for high-risk business areas. As a result of these efforts, the assessment activities will provide details around the following:
- information life cycle of PII;
- privacy practices;
- use and disclosure considerations;
- storage requirements;
- applicable IT policies and procedures; and
- methods of transfer to other business units and third-party vendors.
As a result of the assessment activities, we will provide a detailed gap assessment, using the information compiled in the sessions, identifying the controls that are in place to address the applicable regulations or internal policies. We also typically assist our clients with defining an action plan to either remediate any gaps noted or define appropriate mitigating controls.




