“IN THE NEWS” FOCUS AREAS

Several high profile information protection & privacy topics dominate the headlines today with the names of companies that either ignore, or do a poor job of implementing, these requirements into their environment. Navigate LLC offers specialized programs focusing on these current hot topic areas. Let us help your organization stay out of the news.

PCI DSS

Complying with the Payment Card Industry Data Security Standard (“PCI DSS”) can be a daunting task. Navigate LLC can assist you in every phase of your compliance effort regardless of your current state. Services include creating a compliance road map, creating policies and procedures, delivering training, managing the overall effort, assessing technology alternatives, and virtually any other activity required to assist your organization in becoming compliant and being able to complete a Self-Assessment Questionnaire (SAQ) or undergo a third party validation by a Qualified Security Assessor (QSA).

Data Protection Compliance Program

If you operate in markets such as the European Union, Canada, Australia or Russia there are additional data protection legal requirements that govern the collection, processing, use, transfer and security of personal information related to your customers and employees. Navigate LLC can help you develop and implement a strategy that addresses these legal requirements in a manner that is not disruptive to your business, and is sustainable.

Data Breach Incident Response Planning

Almost every state in the U.S. has a law about what you have to do if certain personal information you are responsible for, including the information you’ve entrusted to outsourced vendors, is lost or stolen. Certain international markets are considering similar laws.

In the event of data loss or theft, a fast well-executed incident response plan is essential to limiting damage to your brand and reputation, pre-empting potentially relentless media coverage or speculation and meeting your legal notification responsibilities. While the response to every potential scenario cannot be scripted in advance, many parts of the response can be pre-planned. Elements typically addressed in an incident response plan include:

• Identification of the incident response team;
• An approach to determine what happened and ensure the loss is stopped;
• Templates for notification letters that would have to be sent to the individuals whose information was lost or stolen and to the appropriate legal regulators;
• Outline of the Question and Answer documents that will be needed to respond to the calls that will come in from the individuals who received letters;
• The process your company would use to respond to media inquiries including a draft press release; and
• Identification and contracting with the relevant third party service providers (such as printers, mail houses, outside legal counsel and credit monitoring service companies) that will be needed to help your organization deliver on the steps in your response plan quickly.

Navigate LLC can work with your organization to create or review your incident response plan, facilitate practice walkthroughs of the plan, conduct annual tests of the plan or assist in executing the plan in the event of an actual data loss or theft.

eCommerce Privacy

The Internet is typically the lowest cost sales channel for virtually every organization. Consequently, the ability to grow sales using that channel needs to be fiercely protected. If you collect personal information through your organization’s website, you need to ensure that a complete and accurate Internet Privacy Statement is posted to explain what information is collected, how it will be used, how it will be secured, as well as the use of technologies such as cookies and pixel tags and other items.

This privacy statement is important to assure your customers that you respect and protect their personal information when it is entrusted to you, and in some cases, meet legal requirements. Discrepancies between the disclosures in a privacy statement and actual practices can draw the attention of the Federal Trade Commission.

Navigate LLC can take the lead in preparing your text and P3P internet privacy statement or we can conduct a review to ensure that your current statement accurately and completely describes your business practices. We can also assist in the preparation or application process for an online privacy seal such as Truste.