Privacy Risk Management Services
Our privacy risk management services can help your organization establish a comprehensive and sustainable privacy risk management program that will effectively manage your reputation and regulatory risks related to personal data. We also assist service organizations that process personal data on behalf of other companies and that need to provide their customers with independent, objective assurance that appropriate control measures are deployed and operating effectively to safeguard the personal information.
Our privacy risk management services address a wide array of compliance requirements, including those from the following:
- Massachusetts 201 CMR 17 (“Mass Privacy Law”)
- Health Insurance Portability and Accountability Act (“HIPAA”)
- Fair and Accurate Credit Transactions Act (“FACTA”) Red Flag Rules
- Health Information Technology for Economic and Clinical Health (“HITECH”)
- Gramm-Leach-Bliley (“GLBA”)
- Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”)
- U.S. – European Union & U.S. – Switzerland Safe Harbor Framework
- European Union – Directive on the Protection of Personal Data
In addition to existing regulations and requirements, our team actively monitors the ever-expanding area of privacy legislation and regulation. As technology becomes more pervasive, privacy risks continue to increase; we are seeing privacy regulations become more significant, and we expect them to continue to increase. It is crucial for organizations to develop a comprehensive and sustainable approach to privacy management, not only to safeguard their reputation but also to minimize the cost of compliance and the associated risk of not being compliant.
Our approach, which leverages the AICPA General Accounting Privacy Principles (“GAPP”), has been vetted and used by leading international businesses, including clearinghouse institutions. By utilizing the framework provided with GAPP, we are able to offer extremely scalable options for a firm of any size. GAPP also provides a basis for attest reporting to give user entities assurance relative to the services being provided by your organization.
For our Safe Harbor services, our privacy professionals can guide you through the process of assessing whether your current policies are compliant with Safe Harbor. If they are not, our professionals can assist you in creating policies that comply with Safe Harbor, using the methodology of leveraging AICPA GAPP mentioned above, and in developing a Safe Harbor-compliant Privacy Policy Statement. In addition to developing compliant policy, they can assist you through the application process to become registered as Safe Harbor compliant with the U.S. Department of Commerce.
Further Information can be found:
For more information, contact Dan Schroeder.