Privacy Protection and Health Compliance

Compliance Assessment and Remediation Roadmaps

The alphabet soup of U.S. laws requiring compliance includes NIST, HIPAA, HITECH, CAN-SPAM, COPPA, FISMA, FERPA, FCRA and others. And that is just at the U.S. national level. Most states have their own, unique laws, such as California’s CCPA. At the same time, foreign jurisdictions are increasingly adopting strict data protection laws with extraterritorial application that reaches U.S. organizations, including GDPR, ISO, and ePrivacy laws (European Economic Area), PIPEDA (Canada) and other laws that are either copycats of, or inspired by, GDPR.

System 1’s cybersecurity, privacy, and data protection team can guide your compliance with those laws and contract duties, helping you manage, use and dispose of information in a way that is both practical and cost-effective. In the event of a breach, we guide you through all facets of the crisis, such as assisting your business or organization with internal and external forensic investigations, communicating with law enforcement, determining the extent of any required notifications, ensuring that notices and other actions comply with applicable laws, mitigating the harm done, if any, managing the damage to reputation, and advising on potential regulatory penalties and lawsuits.

Privacy Protection Readiness Reviews and Privacy Impact Assessments

If your business or organization contacts, collects, retains, stores or shares data about individuals or other protected information, it is likely subject to an ever-growing and complex myriad of state, federal and foreign laws, regulatory schemes, and industry standards. These rules require your company or organization to implement and support appropriate privacy and data security safeguards, as well as mitigate the harm of any breach. Privacy and data security compliance also requires you to identify, understand and meet the increasingly heightened standards often included in contracts with customers, vendors, lenders, members, and others.

System 1 performs readiness reviews to support your privacy status and ensure its effectiveness and compliance. We also develop related analyses like Privacy Impact Assessments (PIA) to ensure conformance with applicable legal, regulatory, and policy requirements for privacy; Identify and evaluate the risks of privacy breaches or other incidents and effects; and Identify appropriate privacy controls to mitigate unacceptable risks.