Consulting

the expertise and customized service you need

PRIVATECH specializes in data protection, CASL and privacy compliance solutions for your entire organization. Whether you need to conduct a privacy assessment or an information security audit, ensure compliance with Canada’s anti-spam law, develop privacy documentation, get answers to specific questions about the privacy laws in Canada, the data protection laws in the United States or abroad, or need assistance with managing a privacy crisis, PRIVATECH responds to your specific needs.

Our solutions can be easily customized. We’d be glad to provide you with a detailed proposal. Contact us today for a free initial consultation.

You too can benefit from PRIVATECH’s significant expertise with the privacy laws in Canada (such as PIPEDA, the Privacy Act and provincial personal information protection acts), the United States (such as the Gramm-Leach Bliley Act, HIPAA and breach notification laws), as well as other data protection laws around the world.

PRIVACY ASSESSMENT

PrivaTech has extensive experience conducting in-depth privacy assessments of existing on-line and off-line initiatives in order to identify and mitigate privacy risks.

PrivaTech defines a privacy assessment as an evaluation of business processes to determine the level of compliance with applicable privacy and data protection laws, as well as best practice benchmarks, which includes:

  • developing a data flow diagram;
  • conducting a gap analysis;
  • identifying and reviewing privacy risks; and
  • developing privacy risk reduction plans.

Once the business processes are well understood and practices have been compared to the privacy legal requirements, we classifies risks based on the probability and impact of a breach.

PrivaTech’s privacy assessment report will give you detailed recommendations on steps that should be taken to better meet your privacy protection responsibilities.

CASL COMPLIANCE AUDIT

Canada’s Anti-Spam Law (“CASL”) came into force on July 1, 2014 with respect to the sending of commercial electronic messages. CASL proves to be one of the most onerous anti-spam laws in the world, and it is critical for organizations to take the necessary steps to comply with this law. With a Spam Reporting Centre staffed with CASL investigators, and the ability to reprimand organizations with heavy fines, it is clear that the CRTC is taking its enforcement powers seriously.

On January 15, 2015, CASL will apply to the consent rules when installing a computer program on another person’s computer system. To view PrivaTech’s presentation on the installation of computer program provisions and how they apply to your organization, click here.

Contact us for assistance with completing a CASL audit, and determining the key steps that your organization must take to become compliant. PrivaTech’s audit process for CEMs involves:

  • Providing a questionnaire to be completed by key groups on CEMs sent by the organization;
  • Review of CEMs and requesting necessary clarification;
  • Determining gaps between existing practice and CASL requirements;
  • Recommending changes including database structure, consent wording and procedural changes;
  • Preparing custom CASL guidelines and checklists; and
  • CASL training for key groups to ensure compliance going forward.

For a do-it-yourself compliance project, check out PrivaTech’s CASL Compliance Toolkit!

PRIVACHECK

It’s Time for a Privacy Check-Up

PrivaTech is proud to be making its privacy assessment services and gap analyses accessible to small and mid-size businesses. Every organization that collects, uses or shares personal information has obligations to ensure this information stays protected.

Conducting a PrivaCheck™ is a cost-effective way to achieve peace of mind that your information-handling practices are meeting industry best practice and applicable data protection laws.

CLICK HERE to view our PrivaCheck™ brochure, and contact us to get started!

INFORMATION SECURITY AUDIT

An information security audit assesses the level of information security within an organization. The controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to the auditing logical security of databases.

The in-depth information security audits conducted by PrivaTech are led by an ISACA Certified Information Systems Auditor who has extensive experience in conducting a systematic, measurable technical assessment of the effectiveness of an organization’s security program.

An information security audit is performed by PrivaTech through personal interviews, vulnerability scans, examination of operating system settings, analyses of network shares, and historical data. We are essentially concerned with how security policies – the foundation of any effective organizational security strategy – are actually implemented.

An information security audit is one of the best ways to determine the security of your  organization’s information without incurring the cost and other associated damages of a security incident.

PRIVACY DOCUMENTATION

A comprehensive corporate privacy policy that is shared with customers and suppliers is critical to building trust and demonstrating a commitment to privacy. Internal procedures or protocols that give employees the guidance they need to manage personal information responsibly need to be in place to support the policy.

PrivaTech focuses on developing privacy policies and supporting procedures that clearly convey the company’s data management practices and objectives, and that meet obligations under applicable privacy laws.

Our expertise with Canadian privacy laws and the legal obligations in other countries, combined with our superb and meticulous writing skills, also puts PrivaTech in the perfect position to review and recommend updates to existing policies and procedures, consent forms, privacy notices, third party agreements and employee handbooks.

Consult with PrivaTech to achieve peace of mind that there are no gaps in your privacy documentation, and that your policies and procedures are the best they can be.

PRIVACY CRISIS MANAGEMENT

If your company is faced with a privacy complaint or bad publicity due to a real or perceived privacy breach, immediate steps need to be taken to respond and to reduce the impact on your business. PrivaTech can assist you in managing the breach, and responding to Privacy Commissioners or the media as required.

PrivaTech can also assist you in developing and implementing long-term solutions that will reduce the risk of further privacy violations.

Increasingly, inadequate privacy practices are costing many companies large contracts or clients. PrivaTech has assisted many organizations salvage a business relationship and rebuild a client’s confidence in the organization’s ability to protect personal information.

Although we would rather be working with you in a proactive manner to protect privacy, if there is a need to react, you can count on PrivaTech for sound advice.

PRIVACY OFFICER SUPPORT

PrivaTech works with numerous Privacy Officers to assist them in overseeing compliance, keeping up-to-date on key decisions and legislative changes, and responding to privacy issues or questions that arise.

You will be directed supported by a leader in privacy solutions with a law practice dedicated to the privacy laws in Canada and abroad.

The position of Privacy Officer comes with a great deal of responsibility. Time constraints and the rapidly changing privacy landscape make PrivaTech’s support services  invaluable.

PRIVATECH responds to your specific needs.