In the Information Age, credit card numbers, social security numbers, dates of birth, medical records, and other identifying information are housed on company servers, laptops, backup tapes, and removable media. As the regulatory protections around customers’ personally identifiable information (PII) grow, so do a company’s risks in acquiring, storing, and transmitting such information. Moreover, as new and varying legislation is passed in jurisdictions around the world, businesses need to stay compliant with ever-changing rules across international boundaries.
Stroz Friedberg’s policy and technical experts are adept at assisting with the wide variety of data privacy issues that arise in today’s digital economy. Our experience ranges from conducting privacy assessments across the enterprise, including gap analysis in relation to almost any industry regulation (e.g., Federal Trade Commission Fair Information Practice Principles (FIPPS), the Payment Card Industry Data Security Standards, European Union Data Protection Directive), to testing specific applications to locate repositories of PII. Our cadre of former federal prosecutors, Special Agents, regulators, and current Certified Information Privacy Professionals operates at the intersection of technology and law and brings a broad perspective on the issues that spans application and network security, digital regulation, and data protection.
Our teams conduct extensive privacy audits, designed to assess the strength of computer security, policies and data agreements. Our assessments include interviews with key business and IT managers, analysis of back-end databases, and a technical review of documents. We also stress test and map our findings to the statutes and privacy guidelines that govern our clients’ practices or industries.
In addition, we conduct penetration and application security testing to check that databases housing PII are not vulnerable to attack. We assess whether encryption techniques are appropriately deployed at the server, desktop, and backup levels.
Our capabilities include:
- Enterprise Privacy Assessments
- Gap Analysis under Specific Standards
- Technical Analysis of E-Commerce Technology
- Privacy Data Mapping
- Source Code Analysis
- Forensic Testing of Digital Rights Management (DRM) Software
- Shadow Audits and Analysis of Data Flow between Third Parties
- Behavioral Analysis of Browser Plug-Ins
- Analysis of Third-Party Adware Use