IT Compliance Services for Privacy Regulations
To better service the compliance and audit needs of our customers, Lighthouse Computer Services has established a strategic partnership with Compass IT Compliance, LLC. The members of Compass IT Compliance, LLC are highly experienced and certified, and the company’s managing partners were formerly senior consultants within the Lighthouse IT Compliance Group.
New rules require stronger protection of personal information in order to prevent identity theft and protect consumer privacy.
In the Internet age, sensitive personal data remains constantly at risk due to malicious actions and human error. According to the Identity Theft Resource Center (ITRC), a consumer becomes a victim of identity theft every two seconds. The costs to consumers, businesses and society as a whole are astronomical.
To combat this threat, various states and the federal government have enacted a wide range of regulations requiring covered organizations to protect sensitive data. The following are some examples:
- The Health Insurance Portability and Accountability Act (HIPAA) regulates how covered entities use and disclose certain individually identifiable health information.
- The Fair and Accurate Credit Transactions Act (FACTA) of 2003 requires that organizations take steps to prevent identity theft and improve the accuracy of consumer credit information.
- FACTA includes the so-called Red Flag Rules, which go into effect August 1, 2009, requiring credit-granting entities to help detect, prevent and mitigate identity theft.
- The Safeguards Rule, issued by the FTC under the Gramm-Leach-Bliley Act (GLBA), requires all financial organizations to identify sensitive data, control physical and network access to such data, encrypt data transmitted over networks, and train employees to maintain these and other security measures.
- More than 40 states, as well as the District of Columbia, Puerto Rico and the U.S. Virgin Islands, have passed laws requiring organizations to notify consumers of a data security breach.
- Massachusetts General Law (MGL) 93H mandates that security precautions be taken and notice be provided in the event of any unauthorized access to, or use of, personal information. Chapter 93I imposes certain destruction requirements for any records, paper or electronic, containing such information.
- A new Massachusetts privacy regulation (MA 201 CMR 17), which goes into effect January 1, 2010, requires businesses that serve consumers in Massachusetts to proactively avoid data compromises by, among other things, encrypting personal information.
Compass Supports the AICPA's 10 Privacy Principles
Ensure Privacy Compliance with Compass
Compass offers sound strategies for complying with complex state and federal privacy regulations.
Organizations covered by one or more of these regulations are justifiably confused as to how to meet data protection mandates. Inconsistencies in state rules make compliance difficult, and many of the federal rules offer only generalized guidelines. The key is to create a sustainable framework that addresses all applicable regulatory requirements globally. A piecemeal solution will only drive up costs and sap IT performance.
Compass IT Compliance, LLC can help ensure that your organization is compliant with the myriad of current and emerging regulations concerning the privacy of your customers’ information.
Compass solves your data privacy challenges by designing an integrated framework that leverages industry-standard IT controls to address multiple regulatory requirements. Compass IT Compliance, LLC utilizes the Generally Accepted Privacy Principles (GAPP) developed by the American Institute of Certified Public Accountants (AICPA) to help customers develop a global privacy framework. With GAPP as a guide, the Compass team can help organizations develop effective policies and procedures for safeguarding sensitive information.
To ensure that you meet regulatory requirements, Compass follows a strict step-by-step process:
Step 1: Perform a privacy assessment, which typically includes the use of data leakage detection tools.
Step 2: Classify the data types that the organization processes.
Step 3: Prioritize the highest risks to be remediated by updating policies and procedures and implementing risk-mitigation solutions. Compass ensures all identified security gaps are closed.
Step 4: Conduct privacy training for the entire staff. The training should be integrated with company policies and conducted on a regular basis.
Step 5: Monitor on an ongoing basis to evaluate new threats and update policies, procedures and training, improving data security and keeping pace with changes to IT and the business.
A comprehensive IT compliance solution from Compass, built upon best practices and continual process improvement, creates a sustainable regulatory compliance strategy.
For more information, or to schedule a consultation, please visit Compass IT Compliance, LLC, or call Compass at 888-246-7594.