Privacy Industry Index (PII): Vendors
The privacy industry is young and fast moving. What used to be the fascination of academics has become a business pursuit. Protecting data has value and you have to invest to make sure that data is properly protected. Businesses must work with a large collection of vendors from a variety of disciplines to reach their privacy goals. From the legal advisors to the insurance companies to the IT services and software, the IAPP has sought to wrap its arms around the industry of privacy to get a handle on the universe of privacy vendors. This is a first attempt at defining a subset of the industry, step one of many, and we did our best to identify vendors that IAPP members are working with. This is a work in progress. There is much more that needs to be done. Rest assured that the IAPP is hard at work on dynamic new projects to help you as a privacy professional and to expand the industry of privacy.
Thanks to Andrew Clearwater, CIPP/US, Dennis Holmes, Adam Quinlan and Katie Audet for help in compiling these lists.
Find a Vendor
2b Advice PrIME is a web-based data privacy management software solution designed to help organizations manage their privacy programs in a simple and efficient manner by documenting data flows, helping to train staff, performing privacy impact assessments, and running privacy audits. The software has a number of other features, including generating reports to ensure the company is in compliance with regulations, benchmark tools to ensure companies can prove they are meeting their privacy goals, and systems to allow employees to communicate with other members of their team to manage tasks, and send alerts when work is finished. Audits can be run to identify privacy gaps and to improve a company’s privacy program.
3PHealth is a communications platform for health enterprises and their users, providing privacy and s curity solutions for the transfer of sensitive personal health information, not only between a primary care physician and her patient, but between the patient’s mobile device and connected medical devices. 3PHealth’s platform also manages patient consent to help users control the collection, flow, use, and assignment of their private data. Its technology also allows users to users to fine tune their sharing preferences in a secure fashion.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations.
We develop and implement technology solutions to improve our clients’ productivity and efficiency—and may run parts of their operations on their behalf. Ultimately, we enable our clients to become high-performance businesses and governments.
Established in 1998, Acumin is a cyber security and information risk management recruitment specialist with a global reach. We have developed an extensive breadth of knowledge across all requirements in our space, encompassing end user, consultancy, systems integrator, and vendor organisations.
Our recruitment services can be completely tailored to your business needs, with our core offerings comprising of permanent, contract, and retained search. Beyond this we have worked with clients to provide team moves, European market entry, and outsourced recruitment services.
Akin Gump’s cybersecurity, privacy and data protection practice understands the unique needs of businesses and has extensive experience helping clients navigate the myriad government regulations pertaining to data privacy and security.
Our areas of focus include:
- Data Breach Response and Related Litigation
- Health Information Privacy and Security
- Government Relations
- Employee Data Privacy Advertising, Marketing and Sales
- Communications and Information Technology
- Financial Data Privacy
- Disclosure of Information to and by the Government
- Gap assessments
- Control framework
- Actionable compliance roadmaps
Global Data Transfer Strategy
- Privacy Shield assessment and certification
- Data localization compliance (Russia, APAC, EMEA, Australia, New Zealand)
Data Protection Officer (DPO) Services
- DPO placement and referral
- Contractual DPO services
Privacy and Data Protection Program Development
- Program operationalization
- Legal and control frameworks
- Training and awareness
Privacy and Data Protection Risk Management
- Web, mobile, and cloud compliance
- Privacy Impact Assessments, gap assessments
- Information lifecycle management
Information inventory and data maps
- Service provider due diligence and compliance
- Privacy due diligence in M&A transactions
Joyce Brocaglia founded Alta Associates in 1986. Today Alta is the most prominent boutique executive search firm specializing in Cyber Security, IT Risk Management and Privacy. Alta has established an unparalleled track record for placing key C-level executives, and building world class teams in various industries throughout the US.
“Most of our clients are seeking an executive who can increase the credibility of their department, influence the culture of the organization and effectively partner, sell and deliver their initiatives globally to diverse businesses with varying risk tolerances. Finding this new breed of executive and building the teams that support them is difficult and that is why companies retain Alta”, says Joyce Brocaglia, CEO of the company.
The ACLU works to expand the right to privacy, increase the control individuals have over their personal information, and ensure civil liberties are enhanced rather than compromised by technological innovation.
Strategically-focused, result-oriented lawyer with over 20 years unique public- and private-sector expertise in health information privacy and security, domestically and globally.
Specialties: Practical, real-world solutions that maintain privacy compliance, while at the same time ensuring that business/program objectives are met.
The Anonos platform improves the value of data by embedding digital rights managementlike systematic capabilities into the data to prevent unauthorized use. It does this by replacing persistent identifiers with constantly changing identifiers to capture data and provide control throughout the data’s life cycle. The platform “anonosizes” the data, meaning any data subject can map to any data attribute, and vice versa. The data can then be programmed to support data protection policies applicable to different companies, industries, states, and countries. The data can be adjusted in real time to the changing requirements of different policies, including the General Data Protection Regulation.
Arcad has several software solutions for helping organizations with their data. Their Datachanger software helps a company with data configuration management. It identifies and maintains a list of configuration data and packages them into different versions. It builds audits for the data, and lets users see what data elements were changed, the before and after of the changes, who changed the data, and when. The company’s DOT Anonymizer allows testers to safely extract production data for testing.
AvePoint offers numerous solutions to ensure companies are in compliance with regulations. Its data governance solution allows companies to maximize their compliance efforts by integrating polices to actively enforce data governance, while using different tools to minimize compliance risks. Its compliance solutions monitor and report on the actions and safeguards a company has implemented to prove their policies are in compliance. The solution lets companies export action reports to highlight process to C-suite executives and legal professionals. Its management tool allows companies to automate the process of detecting and responding to out-of-policy changes as they occur.
Our global privacy practitioners understand the interplay of privacy requirements with labor and employment laws, consumer protection laws and other local laws. We advise on privacy policies, data storage, retention and destruction, privacy complaints and investigations, disputes, data access requests and transfer and disclosure agreements. We also conduct multi-jurisdictional reviews of the collection, use and transfer of data.
Established in 1989, Barclay Simpson is the leading corporate governance recruitment consultancy. Throughout the UK, from our office in London, we recruit permanent and interim internal and IT audit, risk security and resilience, compliance, legal, and treasury professionals across all economic sectors.
Our strength lies in the degree of understanding and depth of experience of our consultants in these distinct but interrelated disciplines. Our consultants are specialists who build their knowledge on a long term basis. This enables us to provide a uniquely informed and consultative recruitment service.
Baycloud Systems is the leading provider of consent solutions to international companies enabling compliance with GDPR, ePrivacy, and Do-Not-Track. Our consent platform actively manages cookies, browser storage, and embedded third-parties, as well as the consent request process, with a customised multi-language user experience. Choice is automatically applied to multiple sites, continuously visible, and revocable at any time or automatically after a configurable “sunset” period. As invited experts on the W3C TPWG, we ensured the platform implements the DNT Consent API, enabling the communication of user consent to embedded third-parties. Our browser extension bouncer implements the API while enforcing DNT.
Secure your data wherever it travels with full disk encryption software.
- Protect the data on your device from theft or loss
- Transparent to the user and easy to deploy and manage
- Single sign-on, password recovery and optional two-factor authentication
- Unique pre-boot authentication for touchscreen tablets
- Secure network authentication - ideal for a desktop estate
Prevent data leakage with Becrypt's port control options.
- Enforce policy and controls around the use of removable devices and media
- Ensure that corporate data cannot inadvertently or deliberately be leaked
- Full central management, audit and reporting capabilities
- Fully integrated with Becrypt's Disk & Media Encryption products
- Reduce data loss and introduction of malware
Enabling the use of media for flexible data storage and sharing.
- Easily encrypt files and folders for transportation or sharing
- No need for pre-installed software on recipient devices
- Data is protected from theft or loss
- Full central management, audit and reporting capabilities
- Fully integrated with Becrypt's device level port control
BigID provides automated enterprise software for managing and protecting customer and employee data in the data center or cloud. BigID’s technology combines machine learning and identity intelligence to optimize data discovery, inventory by data subject, and to map data flows across critical business processes. For privacy professionals, BigID simplifies compliance with several GDPR requirements, including data subject rights management, consent tracking, DPIAs, risk analysis and data breach notifications. Other privacy use cases include data residency, crossborder transfer, re-identifiability, data lineage, and retention and minimization analysis. For security professionals, BigID provides breach prevention and response management with integrations for breach detection and enforcement tools for enhanced data protection.
BORDC is a national non-profit, non-partisan organization working to restore the rule of law and our constitutional rights and liberties. We aim to make police and intelligence agencies accountable to we, the people whom they serve. We support an ideologically, politically, ethnically, geographically, and generationally diverse grassroots movement, focused on educating Americans about the erosion of our fundamental freedoms; increasing civic participation; and converting concern and outrage into political action.
Blancco Technology Group is the de facto standard in data erasure and mobile device diagnostics. The Blancco Data Eraser solutions provide thousands of organizations with an absolute line of defense against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail. Our data erasure solutions have been tested, certified, approved and recommended by 18 governing bodies around the world. No other security firm can boast this level of compliance with the most rigorous requirements set by government agencies, legal authorities and independent testing laboratories.
The Blancco Mobile Diagnostics solutions enable mobile network operators, retailers and insurers to easily, quickly and accurately identify and resolve performance issues on their customers’ mobile devices. As a result, mobile service providers can spend less time dealing with technical issues and, in turn, reduce the quantity of NTF returns, save on operational costs and increase customer satisfaction.
Systems Delivery | Engineering and Sciences | Cyber | Analytics | Consulting
We live to solve problems. It’s just that simple. And we are not afraid of the unknown. For more than 100 years, we have been one step ahead, solving challenges where there were no roadmaps, and investing in the right capabilities, markets, and talents to tackle the emerging issues of our time. Our solutions help clients combat global terrorism, strengthen cyber defenses, transform healthcare, improve efficiency, and manage change.
Cyber Fraud and Risk Management
Ensure regulatory compliance and stop fraudulent activity and data theft with protection against cyber-attacks, insider threats, web and mobile fraud, payment fraud, and money laundering.
Healthcare privacy and data security
Following HIPAA and HITECH mandates, create a full cross-application audit trail of end-user access to protected health information, detect unauthorized user behavior in real-time, and replay interactions when needed to help detect and prevent fraud.
The Cato Institute is a public policy research organization — a think tank – dedicated to the principles of individual liberty, limited government, free markets and peace. Its scholars and analysts conduct independent, nonpartisan research on a wide range of policy issues.
At the CDT, we believe in the power of the Internet. Whether it's facilitating entrepreneurial endeavors, providing access to new markets and opportunities, or creating a platform for free speech, the Internet empowers, emboldens and equalizes people around the world. As a 501(c)(3) nonprofit organization, we work to preserve the user-controlled nature of the Internet and champion freedom of expression. We support laws, corporate policies, and technology tools that protect the privacy of Internet users, and advocate for stronger legal controls on government surveillance.
The CDD is recognized as one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy protecting consumers in the digital age.
CipherCloud for cloud discovery helps an organization identify sensitive data to minimize risk. The dashboard examines data by usage, data volume and risk level. CipherCloud also features an activity monitoring service for the cloud, including for Box and Salesforce, allowing a company using the platform to monitor activity, data flows, examine all data in use, and prevent data loss. The SalesForce version lets an organization determine whether there is any unnatural behavior coming from users. The ServiceNow feature allows for privacy controls to be added with sensitive business processes.
Clearswift offers a platform designed to help an organization identify, manage, and protect their sensitive information. The platform does this by inspecting a company’s data communication flows, including emails, web, and online collaboration tools, and examining data both in motion and at rest. The platform monitors data based on the company’s own classification rules, allowing it to ensure the organization is in compliance, protected against data leaks, data usage policies are enforced, and it can discover data duplication and manage out of date documents. Clearswift also provides data visualization to help ensure compliance with the GDPR.
Clearwater Compliance offers software designed to help companies create privacy and breach notification compliance programs. The software helps companies navigate through the 78 requirements of the HIPAA Privacy Rule and 10 requirements for the Breach Notification Interim Final Rule. The software helps organizations identify gaps in their privacy and breach notification programs, stores all compliance documentation in a central, secure location, creates and prioritizes remediation actions, and prepares documentation in case of an OCR audit. It also includes an Executive Dashboard that is updated as gaps are fixed.
Colleary and Co provides litigation and commercial law services to businesses small and large. From start ups to multinationals, we work with a large range of clients - providing legal support services to help our clients achieve their goals. We ensure that the legal issues are expertly handled in a cost effective manner. Our team has acted for state bodies, financial services institutions, SME’s multinationals, entrepreneurs and business owners.
Consentua is an app that captures users’ consent to the use of personal data. The app provides regulatory compliance to organizations processing data and allows individuals to control the manner in which their data is used. The app offers a user-friendly dashboard allowing users to see which providers have access to their browsing history, location, health data, and other information. The app ensures companies are compliant with the GDPR by offering query consent in real-time to detect revocations and offers audit trails to demonstrate that the companies are indeed tracking consent.
Consumer Action seeks to create an environment in which individuals have the right to be protected by strong privacy laws, control their personal information and make meaningful choices in their interactions with corporations and government.
Consumers have a fundamental right to the privacy and security of their personal information. These rights extend to collection and control of personal data, limits on commercial and government surveillance, prohibition of discriminatory data practices, and safeguards for consumers’ personal information from unauthorized exposure and use. CFA promotes consumers’ privacy rights by advocating for strong laws and regulations, encouraging fair and effective data practices, and supporting vigorous enforcement to curb privacy abuses.
Consumer Watchdog is a nonprofit organization dedicated to providing an effective voice for taxpayers and consumers in an era when special interests dominate public discourse, government and politics. We deploy an in-house team of public interest lawyers, policy experts, strategists, and grassroots activists to expose, confront, and change corporate and political injustice every day, saving Americans billions of dollars and improving countless lives.
Consumers Union is the policy and action division of Consumer Reports. We work with our million plus activists to pass consumer protection laws in states and in Congress. We hammer corporations that do wrong by their customers, and encourage companies that are heading in the right direction.
- Cyber Security Strategy & Advisory
- GRC Implementation and Controls
- Regulatory & Statutory Compliance Management
- Policy and Process
- 3rd Party Assurance & Risk Assessment
- Pre-Audit Posturing & Preparation
- Post-Audit Findings Remediation
- Vulnerability Assessment & Penetration Test
- Security Architecture Transformation
- Organizational Change Management
- Resource Optimization
- Platform Standardization
- On-Demand Leadership
- IT Service Management Maturity
- Security Awareness and Training
- Secure SDLC Program Implementation
Cryptzone’s Compliance Sheriff scans the content on a website to ensure the company is not out of compliance with privacy laws. The Compliance Sheriff monitors online content to ensure information is kept safe and appropriate and within regulatory guidelines. The tool sends out automated email notifications to alert site administrators to any content that may be in violation so they can address it quickly. It also helps companies prevent privacy breaches involving personal and health information.
Helping Businesses Manage the Personal Data of Employees and Customers
The patent-pending CSR Readiness Suite, available only through resellers, affordably offers enterprise-level risk evaluation to help small and medium-sized businesses comply with a host of regulations related to personally identifiable information (PII). Readiness provides comprehensive guidance to review, revamp and revisit processes for handling and reporting loss of PII data of customers, employees and vendors.
Founded in 2016, D.Day Labs uses artificial intelligence to automatically manage both structured and unstructured data in various repositories. D.Day Labs’ solution, DataSense is able to classify data, enforce security policy, and actively respond to both internal and external security threats in real time. DataSense provides actionable risk and compliance assessment with automated violation remediation. The solution brings an integrative approach to data management and compliance with a single, comprehensive platform.
Recruitment solutions for the Data Privacy and Information Governance recruitment market. Data Privacy Recruitment Ltd has leading ability and experience to identify the best talent for both private and public sector organisations in all geographies. We service the UK, Europe and all other international geographies as required.
DataGravity allows a company to get a complete view of its data, allowing them to understand its composition, and who is using it. It allows companies to identify sensitive data such as credit card and Social Security numbers, and other information so a company can report any security concerns that may rise. Built in dashboards allow companies to understand data access patterns by monitoring all interactions across all files and users within an enterprise. If there is any user behavior the system finds suspicious, it will take the proper precautions to ensure the right people are notified of the issue, including logging the issue into its own system log.
Dataguise’s platform helps an organization discover, audit, and monitor sensitive data in real time. The platform monitors all of the data whether it is within the enterprise or on in the cloud. Dataguise offers templates for companies to use to create their own policies, and allows them to build their own data elements. The dashboards on the platform allow an organization to determine who is accessing data and when, and sends alerts whenever sensitive data is discovered. The platform offers an automated method to encrypt all information within all data repositories and helps ensure companies are compliant with privacy and regulatory mandates.
If you are a data controller, or processor and your data processing activities relate to the offering of goods or services (paid, or free) to, or monitoring the behaviour (within the EU) of, EU data subjects, then you need to find a solution which meets the requirements within the GDPR.
Are you able to meet these key requirements of the GDPR?
- Easy access to an individual’s personal data
- Transparency on how this data is processed
- Allow the possibility to object to it and to gain explicit consent
- Data portability – The ‘Right To Be Forgotten’
Our new approach to data management centres around our Data Stream Manager (DSM) solution which has by default incorporated these key requirements, from inception to design and implementation, as part of our privacy by design company principles. The DSM can quickly help your organisation meet the needs of the GDPR and allow you to leverage your omnichannel data in a privacy compliant way.
Investments in security are at an all-time high, yet successful cyber-attacks are still on the rise, both in number and sophistication. While today’s fast-paced technology innovation powers new strategic initiatives, it also opens new doors for cyber criminals. They target financial assets and personal data, but also intellectual property and critical infrastructure. Our Secure.Vigilant.Resilient. approach helps you get ahead of cyber risk so your business can keep moving forward.
Demand Progress is 501(c)4 entity, with 501(c)3 sponsorship from the Citizen Engagement Lab Education Fund. Demand Progress is a national grassroots group with more than two million affiliated activists who fight for basic rights and freedoms needed for a modern democracy.
To simplify, clarify, and unify the ECPA standards, providing stronger privacy protections for communications and associated data in response to changes in technology and new services and usage patterns, while preserving the legal tools necessary for government agencies to enforce the laws, respond to emergency circumstances and protect the public.
Digital Guardian’s threat aware data protection platform safeguards your sensitive data from insider and outsider threats. By harnessing our deep data visibility, real-time analytics and flexible controls, you can stop malicious data theft and inadvertent data loss.
DPO Network Europe is a specialized recruitment firm focused exclusively on European data protection and privacy roles. With ever-increasing demand, we are privileged to work for a broad range of industries, from large multinationals to medium-sized organizations all of which strive for successful privacy compliance programs. Thanks to our domain expertise and growing network of high-calibre candidates spanning 30+ countries, we have become the trusted recruitment partner to the world's top brands for their in-house and contract privacy job vacancies based in Europe. The foundation of our success lies with our people who are privacy-savvy and who deliver. Let's introduce you to top privacy talent for your business. Connect with us!
DPOrganizer offers a platform to help companies map, visualize, report, and manage their processing of personal data. The platform asks questions such as the purpose and legal basis of data processing, data processors and their instructions, data controllers and their responsibilities, storage, accessibility and retention time of personal data. It also allows companies to upload documentation such as privacy policies, processing agreements and privacy impact assessments to the software. DPOrganizer creates reports for organizations to use to find out where data is stored, and how it is used both internally and externally. The platform alerts users to any changes that have been made, and notifications are sent if any information needs to be updated.
EFF is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.
EPIC is a public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age. EPIC pursues a wide range of program activities including policy research, public education, conferences, litigation, publications, and advocacy. EPIC routinely files amicus briefs in federal courts, pursues open government cases, defends consumer privacy, organizes conferences for NGOs, and speaks before Congress and judicial organizations about emerging privacy and civil liberties issues. EPIC works closely with a distinguished advisory board, with expertise in law, technology and public policy. EPIC maintains one of the most popular privacy web sites in the world - epic.org.
Enforcive is a leader in developing comprehensive security solutions to help businesses reduce workloads, satisfy auditors, and improve responsiveness to security threats. Enforcive enables System Administrators to easily manage security and compliance tasks efficiently and effectively.
As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.
For EY Advisory a better working world means solving big, complex industry issues and capitalizing on opportunities to help deliver outcomes that grow, optimize and protect our clients' businesses.
Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organization and threats change, and anticipate attacks that may be coming.
EuroComply’s software is designed to help companies implement and understand the General Data Protection Regulation. The software offers a self-service audit function to guide an organization through a data protection audit of the entire company, assessing its current state of compliance. The answers from the audit will help the software offer suggestions of training to prepare for the GDPR and demonstrate accountability. The software also helps evaluate privacy awareness and training effectiveness and can assist in discovering issues in records management, as well as assessing whether third-party services used by the company could affect compliance status.
Exonar’s platform helps organizations identify sensitive information and classify it into categories based on where the information is located, such as the cloud, file shares or mail servers. It also identifies documents containing passwords and confidential data, and monitors what data is created, moved, or deleted. The platform allows companies to profile their information based on whether it is sensitive, regulatory, legislative, or outdated. It lets organizations build data maps and can send actions to data owners and business systems, while allowing companies to automate their policy enforcement.
Fat Security provides complete and transparent information about companies that develop security and privacy products. This tool aggregates antivirus test scores over a long period of time from multiple AMTSO-licensed testing organizations. A database of 10,000+ test scores provides complete insight for anybody who desires to compare the different antivirus companies. The professional reviews and in-house testing act as a supplementary layer of information.
Enterprise Content Management & Defensible Disposition
The breadth of our litigation, regulatory and technology experience enables us to assist our clients in developing and implementing holistic, company-wide content management strategies designed to allow employees to retain information needed to fulfill legal and business needs, and efficiently locate and access information, while properly and systematically disposing of “data debris.”
Regulatory obligations impact the entire information lifecycle. Our deep knowledge of U.S. and international regulatory requirements empowers us to help clients launch information governance programs designed to meet regulatory obligations and to harmonize existing information management and security policies and practices into enterprise-wide information governance frameworks.
eDiscovery & Legal Holds
We have decades of experience advising clients on a host of eDiscovery and legal hold issues, and addressing eDiscovery and legal hold practices in the context of court and regulatory proceedings. We call upon this experience in helping clients implement reasonable eDiscovery and legal hold policies, procedures and processes that fit their unique cultures and technology environments.
Data Privacy & Cybersecurity
The depth of our knowledge of U.S. and international laws and regulations, enforcement actions, standards and industry guidelines provides the framework upon which we advise clients on their data privacy and protection obligations. We offer our clients a full range of data privacy and cybersecurity assistance—from guidance on secure information systems to investigating data breaches.
Fight for the Future is a non-profit organization founded in 2011 whose mission is to ensure that the Web continues to hold freedom of expression and creativity at its core. We seek to expand the Internet’s transformative power for good, to preserve and enhance its capacity to enrich and empower. We envision a world where everyone can access the Internet affordably, free of interference or censorship and with full privacy.
We're working to create a world where people have the information and opportunities they need to tell their own stories, hold leaders accountable, and participate in our democracy. We fight to save the free and open Internet, curb runaway media consolidation, protect press freedom, and ensure diverse voices are represented in our media.
FPF is a Washington, DC, based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups.
Ghostery offers several privacy solutions, including its Ad Notice tool, which helps organizations to give their consumers control to the ads served. This tool ensures companies stay compliant with AdChoices, while giving consumers transparency into what ads a company is delivering to them. Ghostery also has a GDPR Assessment Report to help companies comply with the upcoming regulation by identifying third-party activity on their website while offering privacy analysis.
Glenmont Group is a full-service executive search firm offering an array of recruiting solutions to its law firm, corporate and professional services clients. Our objective is to help our clients to strengthen and improve their organizations by maximizing their most valuable asset, their human capital. Glenmont Group's talent acquisition strategy is a combination of our ability to recruit talent, leverage the latest technologies and effectively use social media. This proven approach equates to a smooth hiring process and successful placements.
Halo Privacy runs its solutions through its Halo – Corona privacy appliance, allowing for companies to use its collaboration and messaging applications. Halo offers software to let users bring all of their communications under one roof, providing private, real-time messaging and searchable archives. Halo also lets an organization secure all their information onto the privacy platform, and allows users to securely deliver emails on the platforms they currently use. The company also offers a secure VPN option.
Harris, Wiltshire & Grannis LLP provides comprehensive privacy and cybersecurity representation for communications, information technology, digital marketing, aerospace, defense, health care‐related, and internet‐enabled‐product businesses. Our experienced team draws on years of senior government service as regulators, trade negotiators, and prosecutors, in addition to in‐depth corporate transactional experience, for a comprehensive understanding of the privacy and data security landscape.
Heliometrics’ solutions include its Healthcare Privacy Analytics, which monitors the access to electronic protected health information within a health care organization to ensure patient data privacy. All findings are displayed as interactive visualizations, allowing organizations to identify any behavior requiring further attention. Heliometrics also helps health care organizations and patients monitor when participants access electronic health records. Heliometrics’ Individual Patient Access Report discloses to patients when their information is accessed, and for what purpose. This is designed to help quickly answer any patient requests for who, or what organizations, has accessed their electronic health records.
The HPE Security Services team and security partner ecosystem can help support your business goals with a 360 degree cyber risk assessment. Our IT protection services cover infrastructure, software, networks, storage and data.
such as HPE ArcSight SIEM give you powerful detection and response capabilities. Use our tools, methodologies and analytics to conduct predictive security, analyze logs and prioritize security events.
HPE backup and recovery solutions protect your information intelligently across physical, virtual and cloud infrastructures. You get visibility, access and control of information via any endpoint device.
HexaTier can discover and classify sensitive data. It will scan according to regulations, and will scan for data on a schedule assigned by the company. The solution offers database activity monitoring, which means it will compile an audit of logins, admin commands, access, queries, and stored procedures. It will send out real-time alerts and compliance reports and offers advanced notice before and after auditing for personally identifiable information. The solution also masks data when it is in motion, but does not do so for data at rest.
Hirschler Fleischer is a full-service firm engaged in a diverse and sophisticated legal practice. Founded in 1946 by Edward S. Hirschler and Alan G. Fleischer, the firm serves clients throughout the U.S. from its headquarters in Richmond, Virginia and offices in Fredericksburg, Virginia.
At Hirschler Fleischer we approach our work with the entrepreneurial spirit established by our founders and are dedicated to our clients and their needs. We embrace a passion for the practice of law that engenders a commitment from our attorneys and staff to provide creative and practical solutions for our clients and the community.
Whether it’s personally identifiable information, payment or healthcare information, or your intellectual property, your data means money to cybercriminals. Imperva protects cloud applications, websites, web applications, critical databases, files and Big Data repositories from hackers and insider threats—ultimately protecting your data—the one thing that matters most. Imperva market-leading cyber security software products include:
- Incapsula and SecureSphere for DDoS Protection
- Incapsula, SecureSphere and ThreatRadar for Application Security and Threat Intelligence
- SecureSphere, Skyfence, and CounterBreach for Data Security and Breach Prevention
Indigo Security AS is a small consulting company located in Norway. We provide information security and privacy services to our customers.
Informatica is a data management and security company with market products in all categories of data management. Informatica’s data security helps organization detect and protect by locating and analyzing risk, monitoring and protecting structured and unstructured private and sensitive data. Its solutions classify and locate PII, how it’s accessed, and develops a risk score to prioritize remediation with the orchestration of data protection; including access controls, encryption, tokenization, and masking. Informatica’s platform also monitors data flows, access and behaviors, and alerts clients to unusual or anomalous events. They provide data anonymization and protection with dynamic and persistent data masking.
Integris helps companies automate compliance with privacy laws, contractual agreements, and company policies, both on premise or in the cloud. By integrating with existing systems, Integris provides visibility into where personal information exists across the privacy lifecycle, from the terms under which it was collected to who is using it, and how it is being used. This solution discovers and tags personal information across structured and unstructured systems, tracks data subject consent and rights requests, and applies machine learning to evaluate the risk associated with personal information practices.
Data Protection Due Diligence Services
The enactment of the Data Protection Law started a new era for all real and legal persons which deal with data in Turkey. Therefore, compliance with the new rules are very important for a business to run smoothly. To ensure this, we have developed a data protection due diligence module where we review the data collection & processing practices of your business and provide you with a report and a list of recommended actions.
Data Protection Employee Handbooks and Trainings
Understanding the data protection rules may be easy for managers or legal counsels. However, for full compliance of your business with the data protection legislation it is imperative for every employee to understand the concepts of privacy and data protection. Therefore, we draft employee handbooks specific to your organization’s needs and we also provide data protection trainings to avoid risks that may arise due to wrong handling of personal data.
Daily Legal Advice in Data Protection & Privacy
We provide daily data protection advice to local and foreign companies from a range of sectors including e-commerce, retail, life sciences, banking, gaming and IT. We advise on how to legally collect, process and transfer personal data. Further we provide legal advice on transfer of personal data to foreign countries.
Privacy Policies & Cookie Policies
Our team is the creator of the privacy policies and cookie policies of top local and foreign retailers and e-commerce companies in Turkey.
Investigative Due Diligence
Using a combination of public domain sources, reliable business and industry contacts and prudent analysis, IPSA’s comprehensive due diligence services add value to corporate decision makers by providing crucial information and intelligence about prospective partners, clients, distributors, vendors, competitors, employees, board members or litigants. Read More
Enterprise Risk Management
IPSA’s Enterprise Risk Management group helps organizations to be more resilient, endure challenging times and to capitalize on opportunities within apparent crises. Our integrated consulting services are created to help clients mitigate risk and enhance systems and processes in place to improve long-term performance.
The Litigation Support Group has an intimate knowledge of the processes required to design, manage and conduct comprehensive investigative solutions, evaluate the results and produce detailed reports enabling clients to address existing problems and mitigate future risk.
root9B, IPSA International's sister company, is an internationally recognized firm with experts dedicated to the delivery of solutions and services based on cutting edge technology, advanced cyber tactics and deep mission experience.
Services by Location
IPSA has conducted a range of services globally.
Improving business performance, turning risk and compliance into opportunities, developing strategies and enhancing value are at the core of what we do for leading organizations.
Helping transform risk and compliance efforts into competitive advantage by applying a risk lens to corporate strategy to improve risk intelligence and decision making, protect financial and reputational assets, and enhance business value.
Kroll offers several different technology solutions for its users. Kroll offers flexible technology tools to help companies design and set up compliance programs and policies. Kroll’s Third Party Compliance portal is a web-based due diligence, governance and compliance platform allowing companies to manage the risk they take on by assessing the third parties they work with. Kroll also offers a 3rd Party Risk Assessor compliance software solution accomplishing the same goal. Kroll features a web-based credit monitoring service allowing users to keep track of personally identifiable information that may be compromised during a cyberattack.
Kryptowire’s services are designed to examine mobile applications. Its analytics services collect, store and continuously monitor mobile app data from marketplaces across all major platforms. Its EMM+S continuously monitors the security of every mobile app on a device against high assurance standards, while enforcing enterprisewide privacy and security policies. Its software assurance solution performs security analysis on third-party apps from different operating systems to identify apps putting an organization’s data, network, user privacy, and resources at risk. It also offers continuous authentication to analyze user behavior to detect any unauthorized users attempting to use the device.
LenznerGroup Ltd. is a premier leader in executive search services, dedicated to Global Security, Technology Risk Management, Cyber Defense, and Digital Transformation arenas. Established in 1997, our firm is recognized for its success in advising and connecting a prestigious clientele, with leading talent from Global 500, Fortune 1000, Big 4, professional services, government, R&D, venture capital and high growth markets. Our clients include some of the world’s most recognized and prestigious organizations.
Our candidates include top Chief Security Risk Officers, Cyber Leaders, Enterprise Technology, Privacy, Law and Compliance practitioners from private and public sectors. Our team of search specialists, proprietary database and business intelligence, coupled with vetted industry advisors and relationships worldwide, enables LenznerGroup to deliver superior services and predictive, value-driven results.
Especialidades: Propiedad Intelectual e Industrial, Privacidad, Protección de Datos, E-Commerce, Sociedad de la Información.
Expertise: Intellectual Property, Privacy, Data Protection, E-Commerce, Information Society
Established in 1982, Major, Lindsey & Africa is committed to meeting the ever-evolving legal search needs of law firms and corporate legal departments. To truly understand the career aspirations of those in the legal field – as well as the needs of the firms and companies that hire them – a recruiter must have experience, focus and in-depth market knowledge of the legal profession. By being committed specialists, our information systems, networks, search and qualification processes – everything we do – is aligned with the legal profession. We know more people in the profession and we know them better than anyone else in the industry. This knowledge has helped us to expand our recruiting service offerings to bring more comprehensive legal recruiting solutions to both law firms and corporate clients. Our deep understanding of our clients' ever-evolving staffing and recruiting needs has led us to launch successful practices in law firm management recruiting (non-legal positions at law firms) as well as the Solutions Practice Group, which focuses on the entire realm of legal human capital and staffing solutions for companies and law firms. Trends in client needs have also led us to open successful legal recruiting practices in London and Asia, servicing the EMEA and Asia Pacific regions, respectively.
Only MarkLogic provides a unique multi-model operational and transactional database that automates the discovery of personal data from all data sources. We empower organizations to meet EU GDPR imperatives, including secure storage and appropriate usage of EU citizens’ personal data. By leveraging multi-lingual full-text search, you can manage the data over time with the right security controls, providing quick responses to EU citizens. The result is better data governance as well as the flexibility needed for continually evolving regulatory rules.
Assemble Effective Privacy Awareness Courses
All of MediaPro’s data protection and privacy awareness courses are built from our Adaptive Privacy Library™ and contain our most popular privacy awareness configurations. You can “mix and match” content between courses as well as select content from MediaPro’s Security Awareness or Compliance Training adaptive libraries. This gives you complete freedom to assemble, brand, and deliver the exact content you need to meet your privacy awareness training requirements.
Mobius Consulting offers a range of services designed to meet your information risk management requirements. We have invested extensively in our frameworks and methodologies to enable us to guide clients effectively and efficiently. From assessments and roadmap development to designing processes and developing the necessary artefacts, we use a holistic approach to deliver sustainable and targeted solutions.
- IT governance
- Information risk management
- Information privacy
- Information security
- Identity and Access Governance (IAG)
- Third party risk management
Our Consentric Platform has consent at its heart. We call it a trust platform, because that’s what we deliver. Consentric opens communication pathways to engage with your customers and strengthen trust. Where personal permissions are sought and consent respected. Where data can be analyzed and insights delivered. Where mutual benefit and an open value exchange are unlocked and potential realized. Leading to a committed and loyal customer base.
The Consentric Platform has security, UK sovereignty, authentication and privacy built in by design. Consentric Permissions connects your organization to every individual. Empowering them to control their personal data and provide the consent needed for their information to be used for specified purposes, aligned to the GDPR.
Nicholson is a specialist technology recruiter, we work with clients ranging from some of the biggest software companies in the world to niche E-commerce start ups. With multi-lingual teams in each of our specialist markets based in London, Warsaw and Poznan we are well placed to support the international growth of our clients and to provide global opportunities for our candidates.
Founded in 2005, Nicholson International was re-launched and re-branded as Nicholson Search & Selection in 2013 to focus exclusively within the Software, E-commerce and Digital markets. The Nicholson name has long been associated with excellence in the Search & Selection market and we have an exceptional track record. Since 2005 we have supported our technology clients in hiring over 1300 sales, marketing and technical professionals.
Nymity offers a variety of privacy-related, software solutions designed specifically for the privacy office. Nymity’s suite of services includes privacy management software that allows the privacy office to demonstrate accountability and compliance and to report on the status of a privacy program with quantitative metrics. In addition to benchmarking solutions to compare privacy programs among organizations, Nymity offers privacy management planning portals and status reports, as well as the ability to assign, communicate and report privacy ownership within the organization. The company also offers a number of privacy templates for GDPR and BCR compliance.
Multifaceted and rapidly evolving, data privacy and data protection laws present many challenges for employers in the United States. Whether our clients are healthcare companies or educators, or in the retail, technology, manufacturing, travel, transportation, or media industries, we are adept at helping them navigate their obligations under this emerging area of state and federal law.
For clients with employees or operations outside the United States, strict data privacy requirements can present a minefield of hidden dangers and potential liability. Our Data Privacy attorneys have considerable experience helping employers manage the intricacies and hazards of data privacy laws worldwide, including throughout the European Union and North America, as well as in numerous jurisdictions in Asia and South America.
OneTrust offers a privacy management software platform designed to help organizations comply with data privacy regulations across different sectors and jurisdictions, including the GDPR and Privacy Shield. It provides assessment automation tools for PIAs, DPIAs, and vendor-risk assessments; maps data to provide a central register of data flows, processing, and reporting; scans sites for cookie compliance; and certifies for Privacy Shield and APEC CBPR commitments. The platform offers dashboards, metrics, and reports for companies to track their progress.
Ponemon Institute conducts independent research on privacy, data protection and information security policy. Our goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in practices, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information about individuals and organizations. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.
In addition to our research, Ponemon Institute provides strategic consulting to private and public sector organizations interested in establishing or enhancing their privacy, data protection, and security practices. To ensure that their goals are achieved, organizations engage us to assess their practices and conduct workshops and training programs.
Ponemon Institute is the parent organization of the Responsible Information Management (RIM) Council. The RIM Council draws its name from the practice of Responsible Information Management, an ethics-based framework and long-term strategy for managing personal and sensitive employee, customer and business information.
PwC provides industry-focused services for public and private clients. Our experienced staff, combined with our global network, allow us to provide the support you need—wherever you need it, at home and abroad, whatever the size of your organization.
Prifender is an enterprise privacy technology solution. Its platform is designed to use cyber forensics and advanced data searches to help companies track their data asset usage across their entire organizations. The platform uses artificial intelligence technology to detect sensitive data and identify data flows. Prifender helps organizations discover and map personal information across all systems, whether they are structured or unstructured. The platform helps companies view, control, report, and query data in order to meet privacy obligations, key performance indicators, and review activities taking place over millions of identities.
Privacy Analytics offers solutions designed to help companies maximize the value of their health care data by using a risk-based approach to deidentification of data. The solution ensures the data value is maximized while complying with various regulations. The company offers software giving companies a consistent approach to de-identifying data and providing risk determination of the company’s data based on how the company intends to use it. Regardless of the format of the data, the software lets companies create automated and repeatable processes for de-identification as the amount of data grows within a company.
Data Protection Centre is a tool to help data protection officers monitor their organization’s privacy compliance status. DPC helps by automating all the repetitive tasks and letting the DPO concentrate on the rest. DPC solves privacy compliance with the different designed modules, each addressing a separate need in the compliance ecosystem. The Inventory Module helps detail what kind of personal data the organization stores and processes. The dashboard gives the DPO an idea of all the personal data that can be found in the organisation and supplier management allows the DPO to monitor and log the compliance status of all the third-parties.
Our singular goal is to provide Privacy Law & Regulatory compliance solutions for your entire organization. From addressing a one-off question to a full scope privacy audit, our experienced team will respond to your organization's specific needs.
We are a London-based charity. We investigate the secret world of government surveillance and expose the companies enabling it. We litigate to ensure that surveillance is consistent with the rule of law. We advocate for strong national, regional, and international laws that protect privacy. We conduct research to catalyse policy change. We raise awareness about technologies and laws that place privacy at risk, to ensure that the public is informed and engaged. To ensure that this right is universally respected, we strengthen the capacity of our partners in developing countries and work with international organisations to protect the most vulnerable.
Dedicated resources to assist clients in development or enhancements of their privacy and data protection programs. We specialize in areas such as GDPR, HITECH and GLBA preparation, defining metrics and measurements based on your company's operations, locations and type of personal data collected.
International data transfers are a function of many business operations, Privacy International, LLP has extensive experience to achieve or enhance organizational compliance and improve the customer experience. Our methodology is that every client shall be treated with integrity, dedication and awareness of the business goals.
The Privacy Laws & Business Recruitment Service has been running since 1997 with an unrivaled success rate. It was established in response to clients who were unable to source specialist data protection and privacy professionals through generalist recruitment agencies. Now many organizations with data protection and privacy vacancies come straight to Privacy Laws & Business.
Privacy Laws & Business specializes in placing skilled data protection and privacy staff in permanent or contract positions, including short term projects. We can recruit for all types of vacancies ranging from global, Europe, Middle East & Africa and UK roles.
Having established a leading presence in the data protection and privacy recruitment market we offer an unrivaled service to our clients. We have become market leaders because unlike other recruitment agencies, we understand data protection and privacy.
PRC is a California nonprofit corporation with 501(c)(3) tax exempt status. Our mission is to engage, educate and empower individuals to protect their privacy. We identify trends and communicate our findings to advocates, policymakers, industry, media and consumers.
PrivacyCheq allows privacy officers to test a variety of different user flows and strategies to best obtain the consent of users in order to comply with the General Data Protection Regulation. Privacy offices can use these different methods to discover the best compliance method for websites, apps and devices. Users of the solution can choose between allowing non-identified consent, or to require identification. ConsentCheq also has features to help companies comply with COPPA and the GDPR children’s privacy rules. The solution offers a consent dashboard, acting as a common privacy management interface for any business using the ConsentCheq cloud service.
PrivacyPerfect provides a natural flow between the four administrations required by the GDPR: data protection impact assessments, prior consultations, processings (including transfers), and data breaches (including breach notifications to supervisory authorities and data subjects). The software supports meeting controller and processor obligations, fulfilling data subject rights, and complying with supervisory authorities’ requests. It enables your organisation to enter and assess relevant privacy records and promote them through the “privacy funnel” while monitoring workflow.
Privasee Ltd is the UK subsidiary of Privasee EU an exciting and innovative GDPR and Data Protection compliance solutions provider. GDPR is a favourite buzzword for many vendors and consultants, but where are the practical plans? Privasee has a great answer. A critical gap that Privasee intimately understands and fills, with expertly designed Privacy Impact Assessment tools, templates and processes, partnered with flexible SCORM compliant training. Most importantly, Privasee solutions enable you to quickly show concrete progress towards compliance, but also flex your approach as UK Data Protection requirements and GDPR benchmarks crystalize.
Promontory’s privacy and data protection team draws upon a unique combination of regulatory, industry, and consulting expertise, resulting in practical, workable solutions that will allow your organization to meet regulatory requirements. We advise clients on the collection, use, transfer, and storage of data — across multiple jurisdictions and industry sectors.
Proofpoint offers automated content analysis to help companies discover sensitive information and track data across the network. The analysis helps a company discover where sensitive data is located and the data that is most at risk for exposure. The Data Discover tool also provides organizations with data visualization and heat maps locating where the data is most at risk. Companies can fix compliance breaches in real time and revoke access to any unwanted users. Proofpoint also offers a Threat Response platform to help companies resolve threats faster by automatically alerting a company to incidents, while collecting and comparing data forensics.
Protenus’ patient monitoring platform consists of two main parts: The first is the analytics and proactive detection piece, which takes big data, machine learning, AI, and combines it with user workflow, HR data, and other elements to create a second-by-second account of all the activity occurring within an electronic health record. The combination can help determine a user’s normal behavior and help detect any abnormalities. The “forensics and investigation” part of the platform lets electronic health record users sift through patient information in a point-and-click interactive interface, while limiting the amount of false positives.
Proteus-Cyber Ltd are specialists in Integrated Risk Management software, now including a ground breaking, comprehensive GDPR software toolkit named Proteus®GDPReady™ and our most recent release, Proteus®GDPReady+™, which adds a personal data listener that can find, track and retrieve personal sensitive data for GDPR.
Proteus®GDPReady™ and Proteus®GDPReady+™ fully supports the GDPR process, providing the DPO with a ready-made suite of tools to model business processes, define what sensitive data exists and where it is, and perform multi-phase Data Privacy Impact Assessments. Our Proteus®GDPReady+™ product has the added benefit of a personal data listener to reduce the cost of GDPR.
Proteus-Cyber can also offer organisations Proteus®GRCyber™, a comprehensive digital security application that brings together all your security products under one security framework, systematically testing each and every control deployed, using best international practice.
QuintessenceLabs’ suite of Data Security technology, products and solutions protect digital information in-transit, at-rest or in-use. We harness unique quantum science properties to strengthen the foundation of your security, combined with advanced key and policy management and encryption capabilities.
Our Security Products integrate seamlessly into existing systems, while building a strong foundation for future data security systems.
RADAR is a decision support solution that provides privacy and legal professionals efficient, timely, and accurate information for making decisions regarding regulatory compliance, contractual obligations, and data breach notification laws. RADAR serves as an operational infrastructure for managing and responding to data privacy and security incidents involving PII and/or PHI. The patented Breach Guidance Engine™ uses multiple risk factors to score each incident, producing a heatmap that quantifies the incident’s severity, data sensitivity, and whether it is notifiable under federal and state breach laws or contractual obligations. The engine provides the framework to address GDPR incident response requirements. RADAR’s legal library is always current, providing up-to-date information on existing and pending regulations.
RELX Group is a world-leading provider of information and analytics for professional and business customers across industries.
Our goal is to help our customers make better decisions, get better results and be more productive. We do this by leveraging a deep understanding of our customers to create innovative solutions which combine content and data with analytics and technology in global platforms. These solutions often account for about 1% of our customers’ total cost base but can have a significant and positive impact on the economics of the remaining 99%.
The Group serves customers in more than 180 countries and has offices in about 40 countries. It employs approximately 30,000 people of whom half are in North America.
The Resilient Incident Response Platform integrates with an organization’s existing security and IT system to make sure alerts are instantly actionable, offers intelligence and the context of an incident, and enables adaptive response to complex threats. Teams can collaborate on their response within the platform. It offers analysis, customizable dashboards, and reporting to ensure senior leadership can access information on an incident at any time. Included in the platform is a privacy module providing information on global regulations and data breach response plans instantly mapping to the latest regulations. The maps help organizations simplify their response by removing regulatory complexity.
Consultancy in privacy, assessment, audit and declaration of compliance within EU privacy directive, ISO 2700x-standards and more. REVI-IT is a state authorized accounting firm, specializing in audit work within IT.
root9B’s product technology provides real-time hunt, assessment, and analytic capabilities crucial to breach prevention, predictability, and defense. Our products, services, and platforms are a vital and empowering complement to a complete, proactive information security solution.
ORION is root9B’s Active Adversary Pursuit (HUNT) operations platform. The ORION platform has been deployed in Fortune 500 networks to conduct global HUNT operations. Based on a strategy of active network defense, adversary pursuit, and threat deterrence, this platform provides cybersecurity professionals with an aggressive capability to conduct remote active defense operations throughout a client network.
ORKOS is root9B's credential assessment capability. ORKOS identifies exposed credentials that can lead to major network breaches by allowing an attacker who compromised one system to take over many more. ORKOS combines comprehensive data collection, advanced logic, and cutting-edge visualization to identify the critical links attackers will exploit during a breach. It characterizes both the immediate risks and higher-order effects to show the total impact of credential theft within a network. ORKOS can also simulate a client’s network environment to support pre-exploitation remediation and mitigation actions.
DAEDALUS is root9B’s advanced cybersecurity training, exercise, and development environment. The DAEDALUS cyber operations range is a robust simulation platform supporting comprehensive cyber force training, tactics development, and capability testing. This tailored, agile, and modular platform supports complete cyber force certification and validation of full spectrum courses of action driven by the specific needs of commercial, government, and critical infrastructure market segments.
Parent company: root9B Technologies
As a pioneer in the Identity Protection industry, SafeDataTrust has become known as an innovator and strong consumer advocate. SafeDataTrust is a privately held corporation that is recognized as an industry leader in providing consulting and third-party administrative services to the identity theft protection industry. With a strong track record in developing privacy and security software for the financial services industry, it was a natural progression to fill a dramatic need when we developed identity protection and verification services in 2004.
SecuPi protects against malicious data exposure and prevents monetary loss across enterprise and web applications. It enables quick and accurate classification of sensitive and regulated data. Our application-server agents analyze sensitive data flows in real-time, detecting malicious insiders and hackers using activity profiling and peer comparison with instant response. Dynamically mask/anonymize/block and apply row-level security, stopping malicious insiders and hackers in their tracks.
Monitor all user activity and know who is accessing which data and when
Detect internal and external threats with sophisticated analytics and risk scoring
Prevent access to high-risk applications and protect data by blocking malicious users
Secure Digital Solutions is a private consulting firm that helps companies build strong information security and privacy programs around clear priorities—for confidence that can be measured. Based in Minneapolis with certified experts in privacy, security and compliance, SDS serves clients across the nation in highly regulated industries including health care, financial services, energy, government services, food distribution, and education.
SecurityHeadhunter.com is an Executive Search Firm specializing in the recruitment and placement of Information Security and Risk Management talent with clients throughout the U.S.
Whether you are an Employer in need of security talent or a Security Professional looking to develop a confidential relationship with a Security Recruiter, we encourage you to discover how our 10+ years of Security Recruitment experience can work for you.
SecurityRecruiter.com specializes in direct security recruiting for Global Information Security, Cyber Security, Corporate Security, High-Level Physical Security, Converged Security, Risk Management, IT Audit, Global Privacy and Global Compliance talent.
The Security Scorecard platform is a risk assessment manager allowing an organization to get risk ratings on all of their vendors. The platform allows the organization to monitor those vendors to see if there are any changes in their risk standing. Companies can sort their vendors by their level of risk and find critical vulnerabilities across their entire portfolio. The platform allows companies to receive a breakdown of the categories where their vendors struggle and has a questionnaire to ensure vendors are in compliance with different frameworks. Vendors are invited to fix their troublesome areas, and the platform gives remediation advice to solve any issues.
Signatu is a self-service cloud solution designed for companies to create privacy policies that are compliant with the GDPR. The service does this by offering an online questionnaire asking about the company’s data processing activities. Companies have the option of answering a simple version of the questionnaire, or a more in-depth version. Once completed, the company is given a snippet of code it can use to implement the policy onto their site. Signatu also tracks user consent to the processing of personal data, and maps the data processing activities of the company, both internal and with third parties.
Legal advisor for cybersecurity and personal data protection.
Skyhigh’s platform allows an organization to enforce policies in both corporate sanctioned and employee introduced cloud services. The platform finds all cloud services in use and assess them a 1-10 score based on enterprise readiness, revealing gaps in cloud policy enforcement. It has real-time coaching and policy enforcement to guide users to corporate-approved services. The platform finds sensitive or regulated data both in motion and at rest, and captures all user activity in the cloud and uses entity behavior analytics to detect insider threats and compromised accounts. The platform lets an organization edit a user’s role and permissions in real time.
SmartDraw helps you create over 70 different types of diagrams. SmartDraw contains all the needed data flow diagram symbols and easy-to-use templates that help you get started. Stamp shapes to your drawing area and connect them easily with keyboard shortcuts or intuitive commands located on the SmartPanel to the left of your drawing area.
You can even nest different levels of data flow diagrams by using SmartDraw's hyperlink function.
State Farm is a family of insurance and financial services companies that together serve tens of millions of customers in the U.S. Our many lines of business together offer over 100 products.
Teleperformance connects the biggest and most respected brands on the planet with their customers by providing customer care, technical support, customer acquisition, digital solutions, analytics, back-office and other specialized services to ensure consistently positive customer interactions. When your customers contact you or vice versa, we are there to support them and make sure they have a unique experience with your brand in all channels.
By bringing together technology, advanced statistics and customer interactions, we transform data into opportunities. Our smart and tailored solutions predict customer behavior and define the best strategy for your company.
Teleperformance Internet Interactions offers a comprehensive suite of services that are fully customizable and capable of fulfilling client requirements by lines of business, segmentation, operating systems and devices.
e-Performance is Teleperformance’s solution to engage, interact and connect your brand with your customers using all social media channels. We help you get the most out of social media. We help drive customer satisfaction Using a combination of customer knowledge and engagement, our 3-part solution helps drive customer satisfaction.
As one of the only employee-owned IT firms in the United States, we are motivated to create a “Signature IT Experience” with every client. As Newberry Employee Owners, we bring ethical behavior, professional excellence, and uncompromised integrity to achieve client, individual, and corporate goals.
Why Choose Newberry Group?
Since 1996, Newberry Group has been meeting client needs within the Defense, Civil, Intelligence, and Commercial business communities. We understand our clients and are committed to exceeding expectations for quality, responsiveness, and technological innovation.
Meet Our Experts
Newberry Group is an experienced team of highly-skilled and certified cyber security professionals with Cleared Personnel up to and including TS/SCI Full Scope Poly. Many of our experts are well-recognized in their field and our management team is comprised of seasoned veterans and innovators.
Lauren Reid of The Privacy Pro is a global privacy compliance expert, providing a range of services to clients around the globe with a focus on BCR and GDPR. Lauren has over 10 years in privacy and data protection, in client service and as an in-house privacy officer. She has in-depth knowledge of privacy laws, as well as technical expertise and the operational experience to implement programs. Lauren is the co-author of the leading methodology for privacy accountability reporting (Nymity Privacy Management Accountability Framework™ and Data Privacy Accountability Scorecard™); and frequently speaks and publishes thought leadership on demonstrating compliance and operationalizing privacy. Lauren is based in Toronto and London; she is available for short or long term consulting projects anywhere in the world.
Responding to a Data Breach
If an organization has been the victim of a data breach, we provide rapid and comprehensive incident response under the protection of the attorney-client privilege. Our firm will triage the incidents to counsel clients on the appropriate response. Often an organization will be able to resolve data security incidents without litigation or even public disclosure, through experienced understanding of applicable statutes or through strategic engagement with regulators. The legal components of post breach response are varied and complex and may include:
- Notification of Affected Individuals
- Law EnforcementForensic Investigation
- Notifying Insurer
- Public RelationsLitigation
A ProactiveApproach to Cybersecurity - Privacy, Information Security and Cybersecurity Posture Improvements
Trenam offers clients a comprehensive look at the organization’s information management and security practices, and recommends necessary steps to not only comply with the law but to ensure greater protections by implementing best practices for the organization’s particular business sector. This includes design of protocols for data security, sharing and use of data, e-discovery readiness, and records retention, among other things. We can help organizations formulate or revise privacy policies to comply with new laws or adjust to new technologies or changes in operations. Most importantly, we can act as a vital part of an organization’s team that includes C-level, technology, human resources, and public relations professionals.
The Trust Hub platform allows organizations to monitor how personal data is used, stored and processed at every level of their operation. The platform tracks the key metrics to ensure companies are complying with the GDPR, while also identifying systems or processes creating compliance risks. The platform uses a rights manager to allow companies to adjust access requests to data, and audit trails to create an accurate log of the access to personal data. The platform has a consent manager that allows companies to capture, update and manage consent in real time, while also offering a location heat map to pinpoint exactly where data resides within an organization and supply chain.
TRUSTe offers privacy compliance and risk-management solutions to help design and build privacy programs, assess and remediate risks, and manage and demonstrate compliance. It offers a data privacy management platform, which includes website/app scanning; a data inventory manager; an assessment manager dashboard, including off-theshelf PIAs, cross-border data transfer and customized enterprise privacy management solutions; and cookie and ad-compliance managers. It has scanning technology for insight into PII, data collection, firstand third-party trackers, and risk levels. TRUSTe offers a central, searchable repository for audit trails, and a dispute-resolution service as well as an assessment manager for compliance review and reporting
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, we enable businesses to transform the way they manage their information security and compliance programs.
Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets. Unisys Security Solutions deliver advanced security in a trusted and efficient way that addresses our clients' most complex and mission-critical security and data protection challenges.
Unisys Stealth protects data by concealing endpoints, making them undetectable to unauthorized parties inside and outside the enterprise. Stealth micro-segmentation enforces strong encryption of data-in-motion, which enables appropriate and compliant information sharing, while respecting data privacy and integrity.
Managed Security Services
Unisys Managed Security Services deliver comprehensive real-time protection. We help organizations manage overall risk by improving their security and compliance posture.
Unisys works with you to architect a robust security and data protection program that enables your organization to reduce the attack surface, improve efficiencies, meet regulatory mandates and manage security across your enterprise.
Varonis offers products designed to help companies combat cyberattacks and insider threats. Its enterprise security software uses entity behavior analytics to profile anyone using data and will alert the proper channels whenever there is any suspicious activity. It uses predictive threat models to notify if there is any abnormal access to sensitive files, account hijacking, or privilege abuse. Its Data Classification Framework helps a company identify sensitive data and shows where it is exposed. The software helps companies protect any exposed sensitive data, and lets them know if it has been breached.
Veritas markets its solutions as tools that enable organizations to harness the power of their information to drive business success. Their “regulatory readiness” portfolio delivers capabilities that allow organizations to gain visibility into their data estate, take action to retain and delete data, and assume control over their data to successfully manage the information explosion. From advanced file and user analytics through auto-classification and cloud archiving, Veritas streamlines the collection of custodian data from multiple sources and reduces the manual effort required to stay compliant. Veritas provides an integrated approach to help with the identification, search, retention, protection, and monitoring of key personal and sensitive data.
Virtru is an email service offering encryption on every single message. Only the sender and the recipient can see the message. The sender can disable forwarding on any messages and can even set an expiration date for the message, down to the minute when it is received. Senders can even revoke access to their emails if they so wish. When an email is received, the recipient opens the email and verifies their identity within a couple of clicks. The Pro version on Virtru offers more features, including an interactive dashboard, warnings of sensitive information within emails, PDF watermarking, read receipts, and the ability to be compliant with different regulations.
The Vysk QS1 smartphone case delivers true end-to-end encrypted secure voice calls by jamming the smartphone’s microphones and using a physically separate audio system and encryption processor to create a secure pathway for voice data. Encryption takes place at the source, not in software, and is made even more secure with the Vysk Privacy Network. QS1 users are able to talk securely and to protect their in-person meetings from eavesdropping, all while using their own smartphones and without changing their habits. The QS1 offers the convenience of making and receiving truly private communications by simply sliding a switch.
Whistic, in addition to its general vendor management solution, offers an online tool allowing companies to conduct risk assessments both internally and with third parties in relation to the Privacy Shield. The Privacy Shield assessment tool includes a self-assessment tool and provides a team collaboration solution to help manage and hold employees accountable for accurate data entry. Whistic then provides a gap analysis report for Privacy Shield and offers an annual registration tool to maintain certification.
Wickr offers a secure messaging service designed for both business and personal use. Wickr offers ephemeral communications, meaning all messages only last for a short amount of time before they are permanently deleted. Users can determine how long the messages will exist before they are eliminated. All messages are encrypted, and no third party, or Wickr themselves, can access them. Wickr offers the same services for group messages as well.
We offer comprehensive solutions and services related to SAP GRC, SAP Security, SAP Role Design, SAP Fraud Management and SAP Audit to meet your complex compliance needs; in addition, we offer an SAP GRC Cloud Solution. Winterhawk Consulting utilizes our experienced resources, sophisticated methodologies and tools to provide cost effective, high quality customer focused solutions that enable customers to optimize their value on SAP Security and GRC spending.
Wizuda’s software solution offers companies a centralized hub for management and authorization of all data transfers in accordance with the GDPR. The solution offers layers of reporting to ensure GDPR compliance and gives companies a 360-degree view of all internal and external data flows by risk category and region. The solution features privacy and data protection impact assessments and authorization workflows. Wizuda’s reporting capabilities enable companies to prove they are in compliance with the GDPR. The solution also lets companies anonymize, encrypt, and securely transfer data within the platform.
Join the Index
Don’t see yourself on the list? This is truly an early effort at recording the players in the field of privacy and we would appreciate to hear from anyone who would like to be included. If you are interested, please send an email to IAPP Publications Director Sam Pfeifle at email@example.com.
Locations have been determined by location information on company websites. If your organization operates in countries not included here, please email a complete list to firstname.lastname@example.org.