The R3P Mandatory Breach Notification Preparedness Assessment

A special assessment conducted by R3P Consulting if your organization has data across various providers.

This assessment involves an analysis of the current environment and of the organization's state of preparedness. It also examines the contractual agreements the organization has with providers to ensure that key requirements are covered and contingencies understood.

It explores the “process design” and “implementation considerations” where multiple providers are involved with varying contractual obligations in play, where PIPEDA data are spread among different internal/external providers, and where providers are multi-tenant. There is a requirement here to understand not only PIPEDA accountability but also the responsibilities of the client organization and the various providers.

It is fairly straightforward to understand the steps to achieve compliance when data is in a singular controlled environment (which is very seldom the case). However, the task increases exponentially when multiple providers are involved.

Understanding how to layer a single unified logical PIPEDA approach on top of data complexity.
What is the role of SaaS providers (Workday, Salesforce, …) and IaaS providers (MS-Azure, AWS, Rackspace, …) in the process, and has this role been agreed on and included in contractual terms?

The advantages of moving security & privacy operational management responsibility out of large outsourcing contracts into a distinct and separate Managed Security Services Provider. Is there a role for a Chief Data Officer (CDO) in the organization, or can this responsibility be outsourced?


Grant Geminiuc, Managing Director
R3P Consulting Limited
T. 416 • 435 • 9723
www.R3Pconsultants.com
20 Bay Street, 11 Floor • Toronto • ON • M5J-2N8

The views expressed in this document are solely the views of the author(s). This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.