Evolving US federal laws, such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Fair and Accurate Credit Transactions Act (FACTA, including Red Flags), provide protections for consumer and employee information. States have enacted their own laws providing additional protection. For example, 48 states have breach laws, such as Massachusetts' 201 CMR 17. These laws require the protection of state residents' information and affect companies regardless of whether they have a location within that state. A company simply has to have done business with a consumer in that state or have employee information of a resident of that state. For example, if your place of business is in Nevada, but you have an eCommerce site and you sell goods to a resident of Massachusetts, you are now subject to Massachusetts' data protection laws.
We analyze your business to understand which state data protection acts apply to you. From there, the Dara Security Privacy Gap Assessment compares your Information Security program against applicable law and industry best practices. It reviews current privacy measures and security controls against these acts across the board by:
Documenting your level of compliance
Identifying vulnerabilities and weaknesses
Providing independent verification of the effectiveness of existing controls
Reducing your organization’s privacy and security costs
Offering insight into industry best practices
In return you will:
Avoid fines that could result from a breach
See a reduction in the cost, confusion, and complexity of compliance
Gain a proper, objective third-party demonstration of compliance with applicable privacy law
Dara Security consultants are experts in understanding both the technical aspects and the business components of your organization. Our experience and knowledge, developed while working with organizations across the country, provide your organization with a true picture of your compliance with state data protection acts.