Data privacy
Your data privacy need?
Of course you care about the privacy and trust of your employees, members, clients, agents, etc. You also want to run your business in the most optimal way. Sometimes these two objectives seem to conflict.
You may already have asked yourself one or more of these questions:
- Can we collect and process client information using data mining techniques, without compromising client privacy?
- Can we centralise the processing of payroll and HR functions without infringing local privacy regulations?
- Can we consolidate data centre processing, given that our databases contain personal transactions and other information related to end users?
- Can we ask candidates to fill in detailed, private information on our recruitment web site?
- Can we successfully defend our interests in a litigation using electronic forensics while preserving the privacy of individuals?
- Can we verify the authenticity of electronic documents, yet observe the privacy of our agents?
- Can we use direct e-mail as a marketing tool without being regarded as a spammer abusing the information we maintain on our members?
- Can we be sure that we do not have inadvertent leakages of private data, given our worldwide interconnections?
- Does our customer loyalty scheme pose risks to data privacy?
The EU has led government data privacy initiatives to protect the privacy of its citizens. The US has a combination of legislation to protect the citizens' rights (COPPA, CAN-SPAM) and sector-led initiatives to protect the privacy of patients and customers (HIPAA, GLBA). How can a multinational ensure compliance with relevant legislation and regulations, while optimising its business operations and administration?
It is no wonder that many organisations doubt the status of their data privacy control and even whether their data processing would stand up to detailed scrutiny.
Ensuring Data Privacy
Our services allow you to make maximum use of the data within your databases and systems, in confidence that you are in compliance with data privacy regulations. We can provide a compliance management strategy for cross-border data flows and a framework of policies, procedures and local guidance. Our services also help you set up sound outsourcing agreements with respect to the processing of personal data, and enable sound decisions on data centre consolidation.
In order to help gain confidence in compliance and in the effectiveness of your data privacy policies, we provide:
- A compliance management strategy for cross-border data flows
- A framework of policies, procedures and local guidance
- Registrations and notifications with national authorities, where and when applicable
- Binding corporate rules as a means of facilitating the transfer of personal information and as a serious alternative to other compliance mechanisms
- Third-party processor agreements with respect to the disclosure of personal data
- Management of key issues, such as employee monitoring, complaint handling and subject access request procedures
- Training and awareness tools and materials
Success is not a one-off event and requires ongoing attention and hard work. We aim to build sustainable control and can engage with you on an ongoing basis to continuously monitor effectiveness and efficiency of the controls and security. Our methodology is designed to support any or all of the four phases of our security services: Assess, Architect, Align, Attest.
Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.