Privacy Program Services
Safeguarding Your Privacy Assets 
xTerraLink awarded a contract with California Department of Public Health.
xTerraLink awarded an Independent Security Vulnerability Assessment the California Department of Tax and Fee Administration (CTDFA).
xTerraLink awarded an Independent Security Assessment based on California AB670 for the California Department of Insurance (CDI).
xTerraLink partnered with IBM to help support the CCPA compliance Privacy Program.
xTerraLink recently selected and awarded a contract with California Department of General Services.
xTerraLink was awarded a California State Board of Equalization enterprise wide independent security architecture assessment contract. xTerraLink's unique Information Security and Privacy Assessment Framework coupled with its experience edged xTerraLink over its closest competitor.
xTerraLink's President was part of a subject matter expert panel on information security.
xTerraLink was awarded a contract with the California State Auditor.
xTerraLink was awarded a subcontract agreement with the State Compensation Fund to help support the Fund's Information Security Program.
Privacy Program
About xTerralink Privacy Program - A successful privacy program is a complex undertaking. The privacy team needs to stay abreast of regulatory and statutory changes, watch for potential threats from both external and internal sources, assure compliance in existing or emerging business practices, respond to stakeholder inquiries, and provide privacy leadership to their organization, to name just a few of their myriad responsibilities. With this many balls to keep in the air, how can you quickly explain the key attributes of a successful program?
At xTerralink, our team will help you in building your Privacy program including but limited to:
- 1.1 Privacy Program Assessment
- 1.2 Privacy Program Implementation
- 1.3 Privacy Awareness Training
- 1.4 Privacy Security Awareness Training
1.1 Privacy Program Assessment
To establish a comprehensive Privacy Program, the initial step that must be taken is to conduct a Program Assessment that includes a gap analysis (“Assessment”). The Assessment begins by mapping and evaluating the regulatory implications by which your organization must comply with. For example, if you are an organization that falls under the purview of the California Consumer Privacy Act (CCPA), then you must align your privacy program to meet such regulation. If your organization on the other hand is a healthcare organization, then your organization must adhere to the Health Insurance Portability Accountability Act (HIPAA). On the other hand if your organization is a state entity, then the state entity must comply with the State’s Information Privacy Policies that are published as part of the State’s Information Security and Privacy Program. The Assessment includes the Privacy Standards that are published as part of industry know frameworks (e.g., National Institute of Standards and Technology “NIST”) and measuring the organization’s policies and standards practices to known standards. The outcome of the Assessment includes detailed recommendation for how the organization will achieve compliance. Additionally, and as part of the Assessment, a compliance plan that includes a roadmap and strategic initiatives to help guide the organization to achieving privacy compliance methodically.
1.2 Privacy Program Implementation
A Privacy Program must comprehend the complexity associated with the requirement of the program. A Privacy Program includes but not limited to the following components:
- 1. Privacy Program Charter
- 2. Privacy Program Leadership
- 3. Privacy Program Leadership Role & Responsibility
- 4. Privacy Program Structure
- 5. Privacy Program Policies
- 6. Privacy Program Procedures
- 7. Privacy Data Classification
- 8. Privacy Impact Assessment
- 9. Privacy Security Requirements
- 10. Privacy Program System Development Lifecycle
- 11. Privacy Program Governance
- 12. Privacy Awareness Program
- 13. Privacy Security Awareness Program
- 14. Privacy Program Monitoring
- 15. Privacy Program Metrics
Whether your organization is building a new or updating/refreshing its Privacy Program, xTerraLink has the appropriate methodology to quickly stand up program for your organization and help you with processes that monitor the program.
1.3 Privacy Awareness Training
Regular privacy awareness training is considered a common reasonable safeguard to protect sensitive information and the reputation of the business entity that collects or sells information. Privacy awareness training can help prevent breaches or help the organization’s employees to spot and stop the breach quickly. xTerraLink offers a comprehensive security awareness training that is easy to follow and includes but not limited to the following areas:
- 1. Define privacy and explain its importance
- 2. Identify privacy laws, regulations, policies, and principles
- 3. Understand your role in protecting privacy and the consequences for violations
- 4. Define Personal Identifiable Information (PII) and list examples
- 5. Define Federal Tax Information (FTI) and list examples
- 6. Protect PII/FTI in different contexts and formats
- 7. Recognize potential threats to privacy
- 8. Report suspected activity or a potential privacy incident
1.4 Privacy Security Awareness Training
Security awareness training is a formal process for education employees of the organization about computer security and good computer hygiene/practices. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff. xTerraLink offers a comprehensive security awareness training that is easy to follow and includes but not limited to the following areas:
- 1. Define information security
- 2. Identify drivers for protecting information and assets
- 3. Define privacy
- 4. Recognize common threats to information and assets
- 5. Understand your role and responsibilities
- 6. Identify where to locate our Organization’s Info. Security resources
Additionally, xTerraLink offers a secondary security awareness module tailored for the Information Technology professional. The module includes but not limited to the following areas:
- 1. Understand your role and responsibilities to protect information security as an IT Administrator
- 2. Define the basic components of an information security program
- 3. Identify legislative drivers for protecting information systems
- 4. Understand the Risk Management (RM) and how they relate to the development of secure IT systems
- 5. Understand the basics of responding to a security or privacy incident
- 6. Understand the basics of access control
- 7. Identify where to locate our Organization’s policies, procedures, and guidance for securing IT assets
If you have questions or need assistance with building and/or enhancing your Privacy Program, please click the Learn More button below to reach out to one of our xTerralink team member.
Learn More