Data Protection for Pharmaceutical, Medicine and Medical
Health care is, statistically, the sector with the largest share of reported patient data breaches worldwide, and we are well positioned to provide the data protection expertise, services and solutions needed to protect sensitive patient data against a backdrop of global privacy laws and health regulations. Patients expect the confidentiality of the patient-doctor relationship to be continuous and safe, and physician-patient privilege to be binding. Because it is patient data, most privacy laws classify it as sensitive information and apply stricter handling rules. We provide industry-specific assistance with health information legislation (HIPAA, HITECH, HIPA, PIPEDA etc.) and with the management of Personal Data for entities governed within this scope.
In the three months from July to September 2018, Australian health service providers reported 45 Notifiable Data Breaches under the new NDB Scheme. In July 2018, a Portuguese hospital was fined €400,000 for failing to secure Personal Data correctly.
Banking, Financial Services & Insurance
Usually the most highly regulated of any industry in the world, it is nonetheless a prime target for criminals, particularly in the areas of fraud and identity theft. That has traditionally been the case, and it does not look like abating any time soon. Data protection starts with clean, clear policy and ownership of the systems, issues and processing. Integrating concise processing management with your existing processes is the key to success, and our world-class GRC will keep the regulators satisfied and the auditors wondering what to do next. Your customers and shareholders will also thank you. We provide industry-specific assistance for finance, insurance and superannuation, together with PCI DSS compliance support, including the new APRA prudential standard on information security (CPS 234) effective 1 July 2019.
In September 2018, Bupa Insurance Services Limited (Bupa) was fined £175,000 by the Information Commissioner's Office (ICO) for failing to have effective security measures in place to protect customers' personal information.
Education
An industry that is guaranteed many new data subjects year after year, and then faces the ongoing management of that personal data. Our GRC has comprehensive data subject and record management built to international standards. Student data is now more than simply marks, grades and exam results; it covers the whole student life-cycle, including housing, finance and care. We provide educational institutions with data protection assistance and support in relation to federal and state general privacy regulation, and specifics such as FERPA and Institutional Review Board requirements, to ensure information privacy.
Education is the third most frequently targeted institution type, and its data breaches doubled in the first six months of 2017. Stanford Graduate School of Business exposed 14 terabytes of financial aid application data, and the Medical College of Wisconsin had patient data compromised.
Utilities, Telcos & Energy
Usually a soft target for criminals, with a growing number of stories that all seem to culminate in disaster for a consumer. Poor staff training is the message the regulators are delivering here. It will not remain a message forever; it will become large fines and greater customer churn. Our GRC ensures that your staff are kept trained and informed about changes to policy and process at all times.
Swiss telecoms giant Swisscom admitted that it suffered a serious security breach in the autumn of 2017 in which the contact details of approximately 800,000 customers, most of them mobile subscribers, were stolen.
Local, State and Federal Government Agencies
Political privacy in the digital age is torn between the economies of scale of cost-effective processing and the need for certainty of identity, one person, one vote, in voting systems, while maintaining the anonymity of the secret ballot.
Our GRC is designed to allow government entities to separate their role as a Public Authority from that of a Public Authority with Commercial Interests. Sensitive personal information (SPI), personally identifiable information (PII) and Personal Data (PD) will in most cases be managed differently and have different legislation applied, depending on the designed use and the capacity in which the user is acting. The GRC can manage the same data under different delegations and purposes of use. It maps and manages processes by purpose in a seamless and easy-to-use manner, offering greater assurance to your citizens.
In September 2017, the US Securities and Exchange Commission publicly revealed that a software vulnerability in the Commission's corporate filing system had resulted in hackers gaining access to non-public trading information.
Hospitality and Tourism
In response to the EU's 1995 Data Protection Directive, the United States Department of Commerce developed the International Safe Harbor Privacy Principles (adopted in 2000) so that personal data, including travellers' records, could flow between the US and the EU with adequate privacy protection.
Dealing with the public face to face and handling critical documents such as passports and other identity documents presents its own unique risks. These documents, together with credit cards, are usually required when a guest checks into a hotel. The rigour your organization maintains around these highly confidential documents, which are among the most prized targets for identity theft, will determine the level of trust your guests and shareholders place in you, and both determine your organization's worth. We provide unparalleled data protection controls to ensure that you are not left facing a multi-billion dollar lawsuit.
In December 2018, Marriott confirmed that the Starwood Hotels guest reservation database, covering about 500 million guest records, had been stolen in a massive data breach.