Privacy Compliance Consulting



Welcome to Privacy Compliance Consulting

PRIVACY COMPLIANCE IS NO LONGER A LUXURY. WE MAKE IT PRACTICAL AND ACHIEVABLE



Our singular goal is to provide Privacy Law & Regulatory compliance solutions for your entire organization. From addressing a one-off question to a full scope privacy audit, our experienced team will respond to your organization's specific needs.

Starting with a privacy assessment, we then assist in: (i) the development of Comprehensive Privacy Policy Documentation, (ii) Employee Training, (iii) On-Going Monitoring and (iv) Breach Response Planning, all to the end of ensuring compliance with United States and International Privacy Laws and Regulations to which your organization may be subject.

The time to engage Privacy Compliance Consulting is before a privacy crisis arises.

Please contact us to begin a valuable discussion.

Like it or not, your enterprise is now a “Data Steward” for the personal information it collects



The frustrating part of being a good “Data Steward” is there are dozens of different regulatory agencies each insisting on different requirements and behaviors to comply with their respective regulations. As a team, Privacy Compliance Consulting provides well-trained, well-experienced Privacy Advisors to assess your Privacy Data and provide guidance that will bring your organization into compliance with its statutory and regulatory obligations. Additionally, our Privacy Advisors will suggest mitigation techniques to reduce the risk of Privacy Data leakage through carelessness and/or cyber attacks. In particular, our Privacy Advisors: 

Privacy Self Assessment Questionnaire



 As used in this Privacy Assessment, “personal information” is defined as: “information that is, or reasonably could be, attributed to and/or used to identify a specific individual.” Regarding that personal information accumulated and retained from customers/employees/vendors/independent contractors, answer the following questions:

  • Have you identified which domestic and international privacy-related laws and regulations and industry-specific standards obligate your enterprise to protect the privacy of personal information? Is your enterprise monitoring pending changes to privacy related laws and regulations?
  • Does your enterprise have specific policies and procedures related to personal information held by the enterprise?
  • Are your privacy policies and procedures clearly written and enforceable, and do they address the collection, use, disclosure, and retention of personal information?
  • Has the enterprise assigned a privacy officer for privacy issues? Does the privacy officer have clear authority to oversee the privacy policies and practices of the enterprise?
  • Does your enterprise regularly train employees concerning the policies and procedures for managing personal information?
  • Does the enterprise communicate its privacy policies and practices to your customers and others, including procedures to make inquiries and file complaints?
  • Has your enterprise compared its privacy policies and practices to those of its competitors and other similar businesses to see if they meet industry practices?
  • Does your enterprise have established procedures to monitor compliance with its privacy policies and practices?
  • Does your enterprise have a written agreement regarding the disclosure of personal information to affiliates or third parties?
  • Are your enterprise’s privacy policies and practices integrated into your IT architecture? Does that IT architecture keep the personal information accurate, secure, private, and confidential?

If the answer to any of the above questions is “No”, your enterprise would benefit from a comprehensive, independent assessment of the risks, controls, and business disclosures associated with the privacy of personal information. By employing good privacy practices, your enterprise will add value and reduce potential liability. 

Who We Are



Montgomery Blair Sibley

Montgomery’s depth of knowledge in Privacy reaches back to 1986 when he litigated the first impression cases on the conflicts between the Electronic Communication Privacy Act and the Bank Secrecy Act and the scope of bank account holder’s privacy rights versus the government’s right to bank records under those Acts. With over 30 years of national and international legal and business experience, Mr. Sibley is grounded in law coupled with current certified knowledge of the 21st Century issues of Cybersecurity and Information Privacy regulation. The goal of Mr. Sibley’s consultation is to avoid the costly consequences to enterprises of ill-thought-out, ill-advised decisions in the privacy realm. Last, Mr. Sibley has been a Continuing Legal Instructor for over 15 years in Florida and Washington, D.C. 


Rick Smith

Rick has over 16 years of experience in managing information systems, including developing policies, portfolio management, writing programs and procedure development for information assurance programs. His various roles include Network Administrator/Manager, Threat Analyst Subject Matter Expert, IA Strategic Planning and Database Manager. Rick has led efforts in growing IBM Cyber presence in areas like enterprise architecture planning, business process development (CMMI), security architecture development, operational managed service, COOP planning, information security strategic planning, information security policy writing, privacy process, incident response planning, and monitoring strategy.


Isidoro Rodriguez

Isidoro has worked at the highest levels of the United States government including Director of Office of Civil Rights, USDA-Office of the Secretary and Special Advisor, White House. As to privacy rights, Isidoro has litigated in four different decades in both North and South America the privacy rights of individuals and corporations. Having served as a liaison for enterprises operating in South America and the Caribbean, Isidoro has ensured compliance with local laws and regulations.

Contact Us



Privacy Compliance Consulting

402 King Farm Blvd, Rockville, Maryland 20850, United States

(202) 643-7232

Hours

Monday - Friday: 9am - 5pm

Saturday: By appointment

Sunday: Closed