In the Information Age, credit card numbers, social security numbers, dates of birth, medical records, and other personally identifying information (PII) are housed on company servers, laptops, backup tapes, and removable media. As the regulatory protections around customers’ PII grow, so do a company’s risks in acquiring, storing, and transmitting such information. Moreover, as new and varying legislation is passed in jurisdictions around the world, businesses need to stay technically compliant with ever-changing rules across international boundaries.
Stroz Friedberg’s technical experts are adept at consulting on the wide variety of data privacy issues that arise in today’s digital economy. Our experience ranges from conducting privacy assessments across the enterprise to testing specific applications to locate repositories of PII. We ensure our clients are operating in complete compliance with existing policies by conducting gap analyses in relation to almost any industry regulation (for example, Federal Trade Commission Fair Information Practice Principles (FIPPs), the Payment Card Industry Data Security Standards, European Union Data Protection Directive). With former federal prosecutors, Special Agents, and regulators among our team, we have a deep understanding of the rationale behind specific policies, and comfortably operate at the intersection of technology and law. We bring a broad perspective on the issues that span application and network security, digital regulation, and data protection.
Our teams conduct extensive privacy audits designed to assess the technical strength of computer security, policies, and data agreements. Our technical assessments include interviews with key business and IT managers, analysis of back-end databases, and a review of documents. Our work is guided by the statutes and privacy guidelines that govern our clients’ practices or industries. In addition, we conduct penetration and application security testing to check that databases housing PII are not vulnerable to attack. We assess whether encryption techniques are appropriately deployed at the server, desktop, and backup levels.
Our capabilities include:
- Enterprise Privacy Assessments
- Gap Analysis Under Specific Standards
- Technical Analysis of E-Commerce Technology
- Privacy Data Mapping
- Source Code Analysis
- Forensic Testing of Digital Rights Management (DRM) Software
- Shadow Audits and Analysis of Data Flow Between Third Parties
- Behavioral Analysis of Browser Plug-Ins
- Third Party Adware Use Analysis