Privacy Ref Case Study: Sontiq Takes Critical Steps to be Privacy Law Compliant

Privacy Ref is an expert firm that could help with the practicalities of developing and implementing a sophisticated privacy program.

“Many firms tell companies what they have to do for compliance. Privacy Ref is unique in telling clients what they have to do and how to do it.”

— Bob Siegel


Complexities of ever-expanding privacy laws all over the world mean that legal departments at many companies, large and small, need help in navigating complex laws, keeping up with new legislation, and ensuring corporate as well as employee compliance. That’s where the experience and knowledge of Privacy Ref’s seasoned consultants come into play. Privacy Ref’s ongoing relationship with Sontiq, the leader in Intelligent Identity Security (IIS), showcases an effective transition from regulatory compliance as part of a legal department to the establishment of a dedicated information privacy function overseen by a Chief Privacy Officer.

Sontiq provides identity theft and cyber fraud protection to global businesses — including those in the banking and insurance industries — and consumers. Providing services to the financial sector is complicated. Early in the growth of regulations governing data privacy, Sontiq’s legal department, led by General Counsel John Burcham, found itself managing a myriad of compliance and data privacy regulations. Much of this was related to the Consumer Financial Protection Bureau (CFPB) protections in the banking industry. Then, Federal Trade Commission (FTC) regulations arose to ensure companies were enforcing policies they established, and that these practices were communicated to customers. Now, added to the CFPB and FTC, are the California Consumer Protection Act (CCPA), Virginia’s Consumer Data Protection Act, Canadian compliance, and the General Data Protection Regulation (GDPR) of the European Union with many emerging laws on the horizon.

As Sontiq’s cybersecurity client footprint grew after its acquisition of Cyberscout, Burcham recognized the need for additional expertise and support. In leading Sontiq’s corporate efforts to meet information privacy requirements, Burcham quickly aligned with Privacy Ref’s Founder and President Bob Siegel to undergo extended privacy officer certification. Burcham explained, “We needed a highly-reputable resource with broad experience working with multiple industries to act as a sounding board and suggest where and how to expand our information privacy practices. Some companies use a law firm to address the technicalities, but after having taken a privacy officer certification class led by Bob Siegel, we sought Privacy Ref as an expert firm that could help us with the practicalities of developing and implementing a sophisticated program.”

About its client relationships, Siegel says, “Many firms tell companies what they have to do for compliance. Privacy Ref is unique in telling clients what they have to do and how to do it.”

Privacy Ref’s Rapid Privacy Program Assessment™ is the first step in identifying each client’s information privacy needs. This involves an inventory of data being stored, a review of existing policy documents, and a lot of questions about current practices. A final report breaks down legal requirements into easy-to-understand tables and then utilizes other frameworks that make it simpler to be compliant.

Following conversations around a variety of projects identified in the assessment, Sontiq implemented a successful Trust Center model. The Trust Center is a centralized location to develop and store all documents and activities related to information privacy, security, and compliance. This is made clear to clients with a dedicated website tab. “Privacy Ref collaborated with our marketing team to help make this happen,” Burcham adds. In addition, Privacy Ref helped expand the program to include the preventive aspects of employee training as well as an ongoing up-to-date knowledge base to address state and international regulations.

The assessment highlighted two key employee positions to oversee the upgraded privacy work. Sontiq added the role of Privacy Program Manager to operationalize a new internal privacy policy. The policy was created using a Privacy Ref template — with the assistance of Ben Siegel, Privacy Ref’s Senior Privacy Consultant — to meet CCPA requirements of transparency in corporate policies, and documents that could be easily understood by the general public.

Privacy Ref brings a distinct point of view and on-the-ground advice to executing Sontiq’s information privacy program. With the constantly changing environment of international privacy laws and regulations, Privacy Ref helps Sontiq keep up on the general state of compliance with those that affect the company and its clients.

Sontiq’s information privacy program has evolved to focus on determining what is internal information technology security and what is data privacy; providing integration where IT security crosses over into privacy; document compliance; and training people on the inside who have access to data on how they can use it and whether they have authority to answer sensitive questions.

Having developed a relationship with Privacy Ref, Sontiq’s Burcham says, “The evolution of the landscape of privacy regulations and the acceleration of regulations has been phenomenal. What used to be insignificant is now huge. Along with confusing overlap, there is little consistency. Having someone staying on top of the changes and the details is one of the reasons we will continue to partner with Privacy Ref in this area.”

Because laws, business models, competitors, and technology change over time, Privacy Ref continues to conduct cost-effective annual assessments for Sontiq and provides TrustArc software as a managed resource for Sontiq’s privacy impact assessment program. When new projects arise, Privacy Ref conducts privacy impact and risk assessments to address potential issues before they happen. Privacy Ref’s knowledgeable team acts as advisors and supplements Sontiq’s internal information privacy team by supplying resources to keep the program running. This ongoing relationship ensures that any requirements for updating the privacy policies and employee training are met.

Diana Lozano
Privacy Ref
+1 888-470-1528

August 30, 2021, 16:58 GMT
