BOUTIQUE PRIVACY and SECURITY CONSULTING FIRM

Specializing in Strengthening Brand Trust and Establishing Defensible Privacy and Security Strategies

 

 

We work with our clients and develop a common-sense approach to meet your needs.

STANDARDS AND CONTROLS

 

We use standards and controls applicable to your privacy and security posture including:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking

  • HIPAA/HITECH Security, Privacy and Breach Notification Rules

  • Generally Accepted Privacy Principles (GAPP)

  • EU’s General Data Protection Regulation (GDPR)

  • ISO/IEC 27001-2:2013

  • CIS Top 20 Critical Security Controls (CA AG requires)

  • SEC OCIE Cybersecurity Initiative

  • NIST Cybersecurity Framework

  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation) 

  • Applying Risk Management Program Management and Principles

PRIVACY OR SECURITY PROGRAM
PHASE I 

Risk/Gap Assessment Detail

  • Data mapping

  • Controls evaluation to standards

  • Risk assessment

  • Policies and procedures review (optional depending upon readiness)

  • Findings and recommendations report

  • Gap and risk register to actively manage recommendations


PHASE II
Program Establishment
  • Design governance infrastructure/roles and responsibilities

  • Establish risk management/controls framework for sustainability

  • Requested documents review

  • Develop policies/procedures

  • Develop/deliver training

  • Design role-based access control (RBAC) rights

  • Design program oversight/monitoring

  • Obtain executive/board commitment and empower privacy/security official 

PRIVACY/SECURITY-BY-DESIGN
  • Privacy engineering (SDLC) program/policy/training

  • Privacy impact assessment (PIA/DPIA) during product design (scope includes security)

  • E.g. big data, mobile apps, IoT, websites, robotics/AI 

THIRD-PARTY DUE DILIGENCE and MANAGEMENT
  • Pre-contract due diligence and contract requirements

  • Cloud services (use cases) policy/guidance

  • Managed security services - build vs. buy guidance/assessment

  • Third-party management program/policy

CONSULTING SERVICES
À LA CARTE
  • Obtain executive commitment

  • Mobile app/website privacy policy for counsel review

  • Cross border transfer rules guidance

  • Workplace privacy/social media privacy guidance

MONTHLY RETAINER
  • Provide guidance and advice as requested as Subject Matter Experts in Privacy and/or Security

OUR APPROACH

SoCal Privacy Consultants is a San Diego-based boutique privacy and security consulting firm serving clients across the U.S. since 2008. We help organizations operationalize Privacy Programs that are sustainable, defensible, and trustworthy by:

  • Data and resource mapping

  • Conducting gap and risk assessments

  • Establishing governance with clearly defined roles and responsibilities

  • Providing practical education and guidance

  • Helping customize privacy and security policies to fit an organization’s risk profile and culture

  • Providing Privacy/Security-by-Design consulting for technologies, such as mobile apps and wearables

 

During the engagement, our consultants help establish program ownership and provide an effective knowledge transfer to help jump-start and build momentum in establishing an effective privacy and security program.

 

SUSTAINABLE

We help clients establish effective and scalable governance with clear roles and responsibilities to continually sustain their organization's privacy and security program. We help you gain commitment and support from C-level executives for the development of the organizational strategy to protect sensitive personal information and obtain appropriate resources and budget to facilitate its implementation enterprise-wide. We partner with your IT professionals and functional managers, implementing an enterprise-wide privacy and security program.

 
DEFENSIBLE

We help clients develop and implement a risk ownership and management approach to identify foreseeable risks and apply reasonable standards of care to create a legally defensible posture.

 

Many "compliant" organizations suffer security incidents and privacy breaches. Laws, regulations and standards cannot keep pace with the growth of the information age, the Internet, new technologies, and threats and vulnerabilities. "Check the box" compliance falls short. Regulators (FTC, DHS, state AGs, SEC, etc.) expect organizations to continually identify and mitigate risks before, during and after rolling out new or enhanced products, services, processes, applications, systems and other technologies. SoCal Privacy's risk-based approach embeds risk management into your privacy and security program.

 

TRUSTWORTHY

Trust is implicit in doing business and privacy is part of the trust equation. A Privacy and Security Program establishes and maintains the trust relationship with your stakeholders, including board members, investors, partners, service providers, and most importantly, your consumers. Mitigating the risk of privacy breaches avoids the costly and disruptive impacts of loss of stakeholder trust.  

 

OUR PROCESS

Educate

We arm you with the knowledge, tools and more importantly the confidence to establish a practical program.

Assess

We gain an understanding of your company’s operations, identify risks and compliance gaps, then formulate a roadmap towards a legally defensible posture.

Operationalize

We support delineating clear roles and responsibilities for operationalizing privacy and security policies and practices, including Privacy/Security-by-Design to continuously identify and acceptably mitigate these risks.

 

Transform

We help secure your organization’s commitment to overcome cultural and organizational resistance.

OUR EXECUTIVE TEAM

MICHAEL COX
PRESIDENT

Eric Schaleger
CHIEF INFORMATION SECURITY CONSULTANT
EDDIE COX
BUSINESS DEVELOPMENT

 

AFFILIATIONS & CERTIFICATIONS

IAPP, (ISC)², AIIM, InfraGard, CIPP

CONTACT

SOCAL PRIVACY CONSULTANTS

OUR ADDRESS

35523 Royal Ct, Winchester, CA 92596

Email: info@socalprivacy.com
Tel:  619-318-1263

 

 


 

CLIENTS

We serve U.S. and international companies wishing to do business in the United States. Our clients range in size from 8 people to a Fortune 1000 company for whom we have performed gap and risk assessments across multiple business units and subsidiaries, including three acquisitions shortly after close. We have conducted M&A privacy and security due diligence on behalf of our clients and built a FTC consent order client’s security program in multi-state locations, helping them pass four consecutive biennial audits.
 
Our experience and expertise allow us to serve a wide range of industries covered by different laws and regulations. Our work is commonly performed at the direction of referring counsel under attorney-client privilege. Representative examples of our clients include:

Biotech, Life Sciences, Healthcare

High Tech / Internet

  • Genetic testing laboratories

  • Hospice Organization

  • Health technology Co.

  • Google Glass tele-health application

  • Laboratory information management systems company

  • Email security service

  • Web security / threat defense service

  • Database marketing analytics

  • Robotics

  • Online direct auto lender

  • Event management service

Financial Services 

  • Hedge fund

  • Bitcoin company

  • Traditional loan company

  • Asset management company

Mobile Apps

  • Health fitness app

  • Lab testing requests and payment application

Since 2008, we've built a successful boutique consulting practice strictly through repeat referrals, primarily from privacy lawyers at major law firms, as well as some from client referrals and speaking engagements.

Michael is a terrific, detail-oriented compliance guru on privacy and data security issues.  He takes charge of a project, and ensures that both the big picture and small details get addressed in a practical, comprehensive fashion.  I highly recommend Michael as a team partner.

- Alysa Hutnik, Partner

Advertising, Privacy & Information Security Practice

Kelley Drye & Warren, LLP

Michael is one of those privacy professionals who reflects the skills we all want to exhibit.  He understands the strategy and big picture issues in the evolving arenas of health, genetic, and international data, while concurrently managing the detail of program rollouts and compliance operations.

- Peter F. McLaughlin, Partner

Privacy, Data & Cybersecurity Practice

Culhane Meadows PLLC

Paul is a motivated self-starter who works toward solutions that are in his client's best interests. He keeps his client's needs at the forefront of all he does and is dependable and trustworthy. His positive energy and willingness to get the job done right are inspiring to all.

- Lisa Larson Meuser

Accredited Financial Counselor (AFC)

Wells Fargo

 

© 2020 by SoCal Privacy Consultants