BOUTIQUE
PRIVACY and SECURITY CONSULTING
FIRM
Specializing in Strengthening Brand Trust and
Establishing Defensible Privacy and Security Strategies
We work with our clients to develop a common-sense approach that meets your needs.
STANDARDS AND CONTROLS
We use standards and controls applicable to your privacy and security posture including:
- California Consumer Privacy Act of 2018, Amendments and Rulemaking
- HIPAA/HITECH Security, Privacy and Breach Notification Rules
- Generally Accepted Privacy Principles (GAPP)
- EU’s General Data Protection Regulation (GDPR)
- ISO/IEC 27001-2:2013
- CIS Top 20 Critical Security Controls (CA AG requires)
- SEC OCIE Cybersecurity Initiative
- NIST Cybersecurity Framework
- U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
- Applying Risk Management Program Management and Principles
PRIVACY OR SECURITY PROGRAM
PHASE I
Risk/Gap Assessment Detail
- Data mapping
- Controls evaluation to standards
- Risk assessment
- Policies and procedures review (optional depending upon readiness)
- Findings and recommendations report
- Gap and risk register to actively manage recommendations
PHASE II
Program Establishment
- Design governance infrastructure/roles and responsibilities
- Establish risk management/controls framework for sustainability
- Requested documents review
- Develop policies/procedures
- Develop/deliver training
- Design role-based access control (RBAC) rights
- Design program oversight/monitoring
- Obtain executive/board commitment and empower privacy/security official
PRIVACY/ SECURITY-BY-DESIGN
- Privacy engineering (SDLC) program/policy/training
- Privacy impact assessment (PIA/DPIA) during product design (scope includes security)
  - E.g. big data, mobile apps, IoT, websites, robotics/AI
THIRD-PARTY DUE DILIGENCE and MANAGEMENT
- Pre-contract due diligence and contract requirements
- Cloud services (use cases) policy/guidance
- Managed security services - build vs. buy guidance/assessment
- Third-party management program/policy
CONSULTING SERVICES
À LA CARTE
- Obtain executive commitment
- Mobile app/website privacy policy for counsel review
- Cross-border transfer rules guidance
- Workplace privacy/social media privacy guidance
MONTHLY RETAINER
- Provide guidance and advice as requested as Subject Matter Experts in Privacy and/or Security
OUR APPROACH
SoCal Privacy Consultants is a San Diego-based boutique privacy and security consulting firm serving clients across the U.S. since 2008. We help organizations operationalize Privacy Programs that are sustainable, defensible, and trustworthy by:
- Mapping data and resources
- Conducting gap and risk assessments
- Establishing governance with clearly defined roles and responsibilities
- Providing practical education and guidance
- Helping customize privacy and security policies to fit an organization’s risk profile and culture
- Providing Privacy/Security-by-Design consulting for technologies, such as mobile apps and wearables
During the engagement, our consultants help establish program ownership and provide an effective knowledge transfer to help jump-start and build momentum in establishing an effective privacy and security program.
SUSTAINABLE
We help clients establish effective and scalable governance with clear roles and responsibilities to continually sustain their organization's privacy and security program. We help you gain commitment and support from C-level executives for the development of the organizational strategy to protect sensitive personal information and obtain appropriate resources and budget to facilitate its implementation enterprise-wide. We partner with your IT professionals and functional managers, implementing an enterprise-wide privacy and security program.
DEFENSIBLE
We help clients develop and implement a risk ownership and management approach to identify foreseeable risks and apply reasonable standards of care to create a legally defensible posture.
Many "compliant" organizations suffer security incidents and privacy breaches. Laws, regulations and standards cannot keep pace with the growth of the information age, the Internet, new technologies, and threats and vulnerabilities. "Check the box" compliance falls short. Regulators (FTC, DHS, state AGs, SEC, etc.) expect organizations to continually identify and mitigate risks before, during and after rolling out new or enhanced products, services, processes, applications, systems and other technologies. SoCal Privacy's risk-based approach embeds risk management into your privacy and security program.
TRUSTWORTHY
Trust is implicit in doing business and privacy is part of the trust equation. A Privacy and Security Program establishes and maintains the trust relationship with your stakeholders, including board members, investors, partners, service providers, and most importantly, your consumers. Mitigating the risk of privacy breaches avoids the costly and disruptive impacts of loss of stakeholder trust.
OUR PROCESS
Educate
We arm you with the knowledge, tools and more importantly the confidence to establish a practical program.
Assess
We gain an understanding of your company’s operations, identify risks and compliance gaps, then formulate a roadmap towards a legally defensible posture.
Operationalize
We support delineating clear roles and responsibilities for operationalizing privacy and security policies and practices, including Privacy/Security-by-Design to continuously identify and acceptably mitigate these risks.
Transform
We help secure your organization’s commitment to overcome cultural and organizational resistance.
OUR EXECUTIVE TEAM
MICHAEL COX
PRESIDENT
Eric Schaleger
CHIEF INFORMATION SECURITY CONSULTANT
EDDIE COX
BUSINESS DEVELOPMENT
CONTACT
SOCAL PRIVACY CONSULTANTS
CLIENTS
We serve U.S. and international companies wishing to do business in the United States. Our clients range in size from 8 people to a Fortune 1000 company for whom we have performed gap and risk assessments across multiple business units and subsidiaries, including three acquisitions shortly after close. We have conducted M&A privacy and security due diligence on behalf of our clients and built an FTC consent order client’s security program in multi-state locations, helping them pass four consecutive biennial audits.
Our experience and expertise allow us to serve a wide range of industries covered by different laws and regulations. Our work is commonly performed at the direction of referring counsel under attorney-client privilege. Representative examples of our clients include:
Biotech, Life Sciences, Healthcare; High Tech / Internet
- Genetic testing laboratories
- Hospice organization
- Health technology company
- Google Glass tele-health application
- Laboratory information management systems company
- Email security service
- Web security / threat defense service
- Database marketing analytics
- Robotics
- Online direct auto lender
- Event management service
Financial Services
- Hedge fund
- Bitcoin company
- Traditional loan company
- Asset management company
Mobile Apps
- Health fitness app
- Lab testing requests and payment application
Since 2008, we've built a successful boutique consulting practice strictly through repeat referrals, primarily from privacy lawyers at major law firms, as well as some from client referrals and speaking engagements.