Dara Security

Privacy Gap Assessment

Protections

Evolving US federal laws, such as HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Fair and Accurate Credit Transactions Act (FACTA, including Red Flags), provide protections for consumer and employee information. States have enacted their own laws providing additional protection. For example, 48 states have breach laws, such as Massachusetts' 201 CMR 17. These laws require the protection of their state residents' information and affect companies regardless of whether they have a location within that state. A company simply has to have done business with a consumer in that state or hold employee information of a resident of that state. For example, if your place of business is in Nevada, but you have an eCommerce site and you sell goods to a resident of Massachusetts, you are now subject to Massachusetts' data protection laws.

 

Analyzing Your Business

We analyze your business to understand which state data protection acts apply to you. From there, the Dara Security Privacy Gap Assessment compares your Information Security program against applicable law and industry best practices. It reviews current privacy measures and security controls against these acts across the board by:

    Documenting your level of compliance


    Identifying vulnerabilities and weaknesses


    Providing independent verification of the effectiveness of existing controls


    Reducing your organization’s privacy and security costs


    Offering insight into industry best practices


In return you will:

    Avoid fines that could result from a breach


    See a reduction in the cost, confusion, and complexity of compliance


    Gain a proper, objective 3rd-party demonstration of compliance with applicable privacy law


 

Dara Security Experts

Dara Security consultants are experts in understanding both the technical aspects and the business components of your organization. Our experience and knowledge, developed while working with organizations across the country, provide your organization with a true picture of your compliance with state data protection acts.