Building organizational resilience and developing a strong security culture are critically important components of an effective privacy and information security strategy. In addition, as legislative requirements become more robust and privacy agencies become more active, compliance with mandated standards becomes an increasingly important priority.
Some of the key service areas offered by Dunn Law include the following:
- Risk Assessment Audits – A comprehensive review of the current environment and safeguards in place with the objective of providing the foundation for a long-term information security plan. This should also address important issues of regulatory compliance.
- Training Programs – For staff and managers. Building resilience in the workplace and creating a security-aware culture. Providing your staff and managers with the tools to identify and manage risks.
- Policy Development – Providing a policy direction and structure to your system. Building and managing an acceptable use and data security policy appropriate to your organization. Creating an accountability and governance structure for the management of risk.
- Privacy Impact Assessments – A process to incorporate privacy protection during the development of new initiatives, programs, services, and technology, and to determine the level of compliance of the proposed solution with legislated privacy requirements.
- Breach Response Protocols – Creating and testing a privacy breach response plan and maintaining a privacy breach registry.
- External Contract Review – Review of contracts with external organizations and service providers to ensure they are compliant with regulatory standards and that they have included appropriate safeguards relating to privacy and information security.
- Responding to Legal Processes – Making and responding to complaints and submissions to both the Federal and Provincial Privacy Commissioners. Making, receiving and responding to FOIPOP and other information access requests.
- Board Governance Issues – Advice on the appropriate role of the Board in providing oversight of information security issues.
