Privacy and Security Assessment

We can address privacy requirements (Legal/Regulatory) and conformance. We can identify deficiencies and/or gaps in security controls that may adversely impact privacy expectations/requirements.


An initial determination will be made as to whether or not a full Privacy Impact Assessment (PIA) is required/expected. The applicable regulations will then be applied to perform the assessment.

Expected Outcome(s):

A PIA, if necessary, that identifies conformance/non-conformance and potential risk areas

A series of recommendations to improve privacy practices and/or reduce potential risks. The following is addressed in a PIA: 

Describe Inventory and Purposes for Collection: We will describe the types of information being collected, how it is being collected and for what purpose.

How You Are Limiting Collection:We will document that Personal information must be collected directly from the individual the information is about unless another method of collection is authorized. We will describe your collection and authorization methods.

Accuracy, Access and Correction: We will assess how you are providing protection by the steps being taken to ensure that personal information which will be used to make a decision directly affecting an individual is accurate and complete.

How You Use Collected Information: The assessment will document how you currently use personal information that has been collected.

Document Your Disclosure Policy: The current disclosure policy will be reviewed and documented including gaps or deficiencies. 

Management of Personal Information: The assessment will identify what procedures are in place to ensure that personal information used to make a decision affecting an individual is retained for at least one year after using it in order to permit the individual a reasonable opportunity to obtain access to his/her personal information.

 A Privacy Assessment Report is produced.

