Privacy

Helping businesses comply with US federal and state data privacy regulations and, for entities that process non-US personal data, international data privacy regulations including cross-border data transfer protocols. Services include:

• Developing and drafting privacy policies & online public-facing privacy statements

• Advising on data collection, storage & usage

• Breach response

• Creating data maps and conducting data audits

• Managing data subject access requests

• Performing privacy impact assessments

• Drafting data processing addendums

• Reviewing your website and advising on legal compliance

Experience

Reviewed and revised online public-facing privacy statement for US-based global foundation

Analyzed privacy regulations in Europe, Australia, Philippines, India, China, and Singapore for global marketing company

Reviewed and revised privacy impact assessment (PIA) questions and process for international public company, and trained and managed two assessment reviewers

Performed GDPR privacy assessment for Japan-based global heavy machinery manufacturer

Managed US-based international technology company's roll-out of Canadian sales & marketing guidelines to comply with CASL (Canada's Anti-Spam Legislation)

Researched data breach notification laws in 30+ US states, analyzed risk, and advised public company on notice (timing, recipients, content, and delivery)

Over an 18-month period, liaised with global public company business stakeholders to review and approve over 200 privacy impact assessments (PIAs) for new technology products and services before they are introduced into the company’s production environment

Liaised daily directly with Data Protection Officer (DPO) of public international company in connection with re-organizing GDPR Article 30 record of processing activities (ROPA), and completed 118-country regulatory survey on registration requirements for local databases on which personal data is processed

Liaised daily directly with Information Security team at US government-sponsored enterprise to identify and map internal systems in which personal data elements are located

Reviewed data processing addendum for multinational financial services co. and advised on current state of Standard Contractual Clauses

Performed gap analysis for home security company re data encryption, RBAC and social engineering

Completed 20-country regulatory survey of registration requirements for local in-office CCTV usage for global software company