BOUTIQUE

PRIVACY and SECURITY CONSULTING

FIRM

Specializing in Strengthening Brand Trust and

Establishing Defensible Privacy and Security Strategies

SERVICES

Download Our Brochure

services

We work with our clients and develop a common sense approach to meet your needs.

STANDARDS AND CONTROLS

We use standards and controls applicable to your privacy and security posture including:

California Consumer Privacy Act of 2018, Amendments and Rulemaking
HIPAA/HITECH Security, Privacy and Breach Notification Rules
Generally Accepted Privacy Principles (GAPP)
EU’s General Data Protection Regulation (GDPR)
ISO/IEC 27001-2:2013
CIS Top 20 Critical Security Controls (CA AG requires)
SEC OCIE Cybersecurity Initiative
NIST Cybersecurity Framework
U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
Applying Risk Management Program Management and Principles

PRIVACY OR SECURITY PROGRAM

PHASE I

Risk/Gap Assessment Detail

Data mapping
Controls evaluation to standards
Risk assessment
Policies and procedures review (optional depending upon readiness)
Findings and recommendations report
Gap and risk register to actively manage recommendations

PHASE II

Program Establishment

Design governance infrastructure/roles and responsibilities
Establish risk management/ controls framework for sustainability
Requested documents review
Develop policies/procedures
Develop/deliver training
Design role-based access control (RBAC) rights
Design program oversight/monitoring
Obtain executive/board commitment and empower privacy/security official

PRIVACY/ SECURITY-BY-DESIGN

Privacy engineering (SDLC) program/ policy/ training
Privacy impact assessment (PIA/DPIA) during product design (scope includes security)
E.g. big data, mobile apps, IoT, websites, robotics/AI

THIRD-PARTY DUE DILIGENCE and MANAGEMENT

Pre-contract due diligence and contract requirements
Cloud services (use cases) policy/guidance
Managed security services - build vs. buy guidance/assessment
Third-party management program/policy

CONSULTING SERVICES

À LA CARTE

Obtain executive commitment
Mobile app/ website privacy policy for counsel review
Cross border transfer rules guidance
Workplace privacy/social media privacy guidance

MONTHLY RETAINER

Provide guidance and advice as requested as Subject Matter Experts in Privacy and/or Security

OUR APPROACH

SoCal Privacy Consultants is a San Diego-based boutique privacy and security consulting firm serving clients across the U.S. since 2008. We help organizations operationalize Privacy Programs that are sustainable, defensible, and trustworthy by:

Data and resource mapping
Conducting gap and risk assessments
Establishing governance with clearly defined roles and responsibilities
Providing practical education and guidance
Helping customize privacy and security policies to fit an organization’s risk profile and culture
Providing Privacy/Security-by-Design consulting for technologies, such as for mobile apps and wear-ables

During the engagement, our consultants help establish program ownership and provide an effective knowledge transfer to help jump-start and build momentum in establishing an effective privacy and security program.

SUSTAINABLE

We help clients establish effective and scalable governance with clear roles and responsibilities to continually sustain their organization's privacy and security program. We help you gain commitment and support from C-level executives for the development of the organizational strategy to protect sensitive personal information and obtain appropriate resources and budget to facilitate its implementation enterprise-wide. We partner with your IT professionals and functional managers, implementing an enterprise-wide privacy and security program.

DEFENSIBLE

We help clients develop and implement a risk ownership and management approach to identify foreseeable risks and apply reasonable standards of care to create a legally defensible posture.

Many "compliant" organizations suffer security incidents and privacy breaches. Laws, regulations and standards cannot keep pace with the growth of the information age, the Internet, new technologies, and threats and vulnerabilities. "Check the box" compliance falls short. Regulators (FTC, DHS, state AGs, SEC, etc.) expect organizations to continually identify and mitigate risks before, during and after rolling-out new or enhanced products, services, processes, applications, systems and other technologies. SoCal Privacy's risk-based approach embeds risk management into your privacy and security program.

TRUSTWORTHY

Trust is implicit in doing business and privacy is part of the trust equation. A Privacy and Security Program establishes and maintains the trust relationship with your stakeholders, including board members, investors, partners, service providers, and most importantly, your consumers. Mitigating the risk of privacy breaches avoids the costly and disruptive impacts of loss of stakeholder trust.

our_approach

OUR PROCESS

Educate

We arm you with the knowledge, tools and more importantly the confidence to establish a practical program.

Assess

We gain an understanding of your company’s operations, identify risks and compliance gaps, then formulate a road-map towards a legally defensible posture.

Operationalize

We support delineating clear roles and responsibilities for operationalizing privacy and security policies and practices, including Privacy/Security-by-Design to continuously identify and acceptably mitigate these risks.

Transform

We help secure your organization’s commitment to overcome cultural and organizational resistance.

OUR EXECUTIVE TEAM

MICHAEL COX

PRESIDENT

Speaking Events

Download vCard

Eric Schaleger

CHIEF INFORMATION SECURITY CONSULTANT

EDDIE COX

BUSINESS DEVELOPMENT

Speaking Events

TEAM

AFFILIATIONS & CERTIFICATIONS

CONTACT

SOCAL PRIVACY CONSULTANTS

OUR ADDRESS

35523 Royal Ct, Winchester, CA 92596

Email: info@socalprivacy.com
Tel: 619-318-1263

For any general inquiries, please fill in the following contact form:

contact

CLIENTS

We serve U.S. and international companies wishing to do business in the United States. Our clients range in size from 8 people to a Fortune 1000 company for whom we have performed gap and risk assessments across multiple business units and subsidiaries, including three acquisitions shortly after close. We have conducted M&A privacy and security due diligence on behalf of our clients and built a FTC consent order client’s security program in multi-state locations, helping them pass four consecutive biennial audits.

Our experience and expertise allow us to serve a wide range of industries covered by different laws and regulations. Our work is commonly performed at the direction of referring counsel under attorney-client privilege. Representative examples of our clients include:

Biotech,
Life Sciences,
Healthcare

High Tech / Internet

Genetic testing laboratories
Hospice Organization
Health technology Co.
Google Glass tele-health application
Laboratory information management systems company

Email security service
Web security / threat defense service
Database marketing analytics
Robotics
Online direct auto lender
Event management service

Financial Services

Hedge fund
Bitcoin company
Traditional loan company
Asset management company

Mobile Apps

Health fitness app
Lab testing requests and payment application

Since 2008, we've built a successful boutique consulting practice strictly through repeat referrals, primarily from privacy lawyers at major law firms, as well as some from client referrals and speaking engagements.